CPU hardware vulnerable to side-channel attacks (opens in new tab)

Meltdown: affects only Intel CPUs, is the 'biggy' short-term, but patches to mitigate it are landing as we speak and patches to eliminate it using trampolines are described in the paper. So no need to replace your Intel CPUs unless you can't live with the performance drop, but a good reason for buying AMD going forward.

Spectre: hits AMD too. Hits everyone today. Hope for a new arch (bias: I am a Mill CPU dev ;) )

Can't it be fixed with a microcode update?

Do Intel even sell any non-vulnerable CPUs?

This has been tried several times and it just doesn't look like it works in practice. Delay slots, Itanium, etc.

The CPU is a bit like a JIT in that it can see how the program is really running and optimise for those conditions, which the AOT compiler cannot. Your AOT compiler may not know you're going to take a branch more times than not, but your CPU may be able to work that out at runtime. And then tomorrow you may never take the same branch and it'll work that out as well for the same code.

Itanium tried this and Intel got burnt by the experience. Not saying you’re wrong, just saying Intel won’t believe you for a while yet.

There is a third way: have the CPU JIT the code to a very different architecture according to completely programmable firmware, just like Transmeta did.

I don't know whether the Transmeta CPUs are vulnerable to Spectre and Meltdown, but fixes to both would be one firmware update away - and most probably with little to no performance impact.

Wasn't that the goal of Itanium which failed?

You could have invented RISC 40 years ago!

After 15 years of class action appeals, you’ll get a voucher for $15 off of a retail-packaged processor.

Doubtful - Intel's press release is carefully worded to suggest that the chip is working as designed, and that others are to blame if exploited. I'm sure they see the lawsuits on the horizon

did you pay with a credit card?

I can't think of any cryptocurrency-specific attack vectors off the top of my head. But if malicious Javascript code can use Spectre to escape the browser sandbox, then wallet private keys are potentially vulnerable, just like everything else on the machine.

My guess is at least one exchanger will run away with coins and blame it on the CPU vulnerability being exploited.

If your crypto coin lives on a box connected to the internet you're living dangerously. That said, I live dangerously too.

Not if you use a hardware wallet (Ledger or TREZOR). If you're using a web (Coinbase) or desktop wallet, you might be at risk. In reality, it's pretty unlikely to be exploited.

Someone could steal your login credentials for any web service, but the risk is mitigated if you use 2FA, or some sort of IP whitelisting.

Might have implications for some of the CPU only mined altcoins if they're slowed down.

It's not just untrusted code, it's all code.

"Trusted code" is one exploit away from being untrusted code. And solving that requires not accepting untrusted input, which makes most general purpose computing useless.

Has there been any research into solving this problem at the hardware level? I'm imagining something like having hundreds or thousands of distinct processors on a PC all isolated each running only one process.

It sounds extreme, but over time I've basically learned to treat "optimization" as a synonym for "introduces side channel attacks", and without something that can protect against a large majority of these kinds of exploits, computers are only going to get less secure.

I think that it's been proven that any computational system with shared resources is susceptible to side channel attacks. The only generic way to solve them is to share each resource equally across all its consumers (e.g. each thread gets 1/num_of_threads cpu time).

In the good old days everybody just used HTTP, FTP and telnet and NIS. Old archs also has other bugs we forgot about / never discovered.

You think it'd be less work having to coordinate with even more vendors than listed in the advisory?

Hear! In them olden days of yore, writing x86 assembly, I had a decent mental model of what my code was doing when.

I no longer do.

Any branch on attacker-controlled data can be speculatively bypassed. You would have to at the very least recompile all applications to attempt to mitigate the two Spectre variants discussed so far.

Unless there is some way to turn off speculation entirely, but that would hurt performance badly.

The problem is that there are not many alternatives.

AMD claims their current CPUs are not affected, but they still have the PSP, AMD's equivalent to Intel's ME. I suppose it has not been probed as thoroughly as ME because of Intel's bigger market share.

ARM CPUs are - according to Intel - also vulnerable, which disqualifies almost all other competitors.

I had hoped that the Longsoon chips would amount to something; I vaguely remember Richard Stallman used a notebook with Longsoon processor, but none of the vendors I checked at the time had even heard of it. And if you are paranoid enough, a Longsoon-based system might just replace the NSA with their chinese equivalent.

The only viable alternative from a technology point of view that I am aware of is the Talos Raptor workstation. Unfortunately, it is rather expensive. Okay, for a high-end workstation, the price is not unusual. But compared to the price of a regular office PC, it is very expensive.