How a researcher hacked his own

The 31-year-old information security researcher and post-doctoral fellow at Austria’s Graz Technical University had just breached the inner sanctum of his computer’s central processing unit (CPU) and stolen secrets from it.

Until that moment, Gruss and colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor’s ‘kernel’ memory, which is meant to be inaccessible to users, was only theoretically possible.

“When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked,” Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured.

Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result.

“We sat for hours in disbelief until we eliminated any possibility that this result was wrong,” said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as “one of the worst CPU bugs ever found”.

The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995.

Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan’s Softbank.

Both would enable a hacker to access secret passwords or photos from desktops, laptops, cloud servers or smartphones. It’s not known whether criminals have been able to carry out such attacks as neither Meltdown nor Spectre leave any traces in log files.

Intel says it has started providing software and firmware updates to mitigate the security issues. ARM has also said it was working with AMD and Intel on security fixes.

FINDING A FIX
The discovery was originally reported by online tech journal The Register. As a result of that report, research on the defect was published a week earlier than the manufacturers had planned, before some had time to work out a complete fix.

The Graz team had already been working on a tool to defend against attempts to steal secrets from kernel memory.

In a paper presented last June they called it KAISER, or Kernel Address Isolation to have Side-channels Effectively Removed.