Don't worry: as for me, it is hype.
Let me describe my opinion.
What do hackers use, and why?
To introduce you to my view, I want to tell you what hackers use and why. So:
- Malware – used to steal passwords, use the computer system's resources (computational power or network bandwidth), steal banking information, etc.
- Remote exploits – used to deliver malware to target systems. While primitive social engineering techniques exist (such as the fake Flash plugin update, you know), there are also exploits. An exploit is code that uses a vulnerability in software to execute code, read information and do anything else that can help hackers install their malware.
- Local exploits – code that exploits vulnerabilities in local services. To run it, the hacker must already have access to the system. This includes privilege escalation vulnerabilities, write-what-where primitives and... Meltdown.
Before today, all exploits abused software. Before today. Now there is the first exploit in hardware – Meltdown. Yes, it is a security breach. Yes, it is an exploit. But wait... it is not a problem!
Okay, let me describe why it is hype. So, let's step away from IT. Let's look at marketing.
All vulns have an ID – a CVE ID. It is the most sophisticated way to describe a vulnerability. Meltdown also has them: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754. But... it also has a logo and a website.
Wait... what? A website for a vulnerability? Let us see: meltdownattack.com. Wow, it also has a logo! So a security error in an architecture has a logo, a website and more. It is marketing. But who needs it? I don't know.
Let us see the PoC asm code provided in the white paper:
; rcx = kernel address (not readable from user mode; the load faults)
; rbx = probe array (user memory, 256 pages, one page per possible byte value)
mov al, byte [rcx]          ; transiently loads one kernel byte into al before the fault is delivered
shl rax, 0xc                ; multiply by 4096 so each byte value selects a different page
mov rbx, qword [rbx + rax]  ; touching that page pulls its cache line in; timing which page is cached reveals the byte
1) This is a very huge address space. It is very hard to find a password or a key: there are no identifiers marking it as sensitive information. You need to build a prediction system to parse the memory dump (and dumping takes very long; at a speed of 50 kb/s it will take hours). So the problem is to locate the needed information in the dump. No one will solve it; it is a very hard forensics problem...
2) It can enumerate virtual addresses only in the malicious process. So it can access the memory shared with the kernel, but not all user memory mapped into the kernel! On Windows, for example, to share kernel memory with a process you must attach to the target process. So we are not even sure what information is in that memory now. So what is the problem? Really, there is none.
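Whether a particular Linux host still exposes kernel memory this way is something the kernel reports itself: since Linux 4.15 the file /sys/devices/system/cpu/vulnerabilities/meltdown reads "Not affected", "Vulnerable" or "Mitigation: PTI" (page-table isolation, which unmaps the kernel from user-mode page tables). The script below is an added example, not from the original post or the Meltdown paper; the function names meltdown_status and meltdown_ok are my own, and it takes the file path as an argument so it can be checked against constructed sample files as well as the live sysfs entry.

```shell
#!/bin/sh
# Added example (not from the original post): classify the kernel's own
# Meltdown status report so a fleet check can flag unmitigated hosts.
# Real sysfs path on Linux >= 4.15; older kernels simply lack the file.
MELTDOWN_SYSFS=/sys/devices/system/cpu/vulnerabilities/meltdown

# meltdown_status FILE
# Prints one word: mitigated, vulnerable, not-affected or unknown.
# Constructed sample contents this handles: "Mitigation: PTI",
# "Vulnerable", "Not affected", or a missing/unreadable file.
meltdown_status() {
    file=$1
    if [ ! -r "$file" ]; then
        echo unknown
        return 0
    fi
    status=$(cat "$file")
    case "$status" in
        "Mitigation:"*) echo mitigated ;;
        "Not affected")  echo not-affected ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# meltdown_ok FILE
# Exit status 0 when the kernel is not exposed (mitigated or not affected),
# 1 otherwise, so it can gate a monitoring check or a deployment step.
meltdown_ok() {
    case "$(meltdown_status "$1")" in
        mitigated|not-affected) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: report the live host when the sysfs entry exists.
if [ -r "$MELTDOWN_SYSFS" ]; then
    printf 'meltdown: %s (%s)\n' "$(meltdown_status "$MELTDOWN_SYSFS")" "$(cat "$MELTDOWN_SYSFS")"
fi
```

A status of "unknown" on a kernel older than 4.15 does not mean the host is safe; it means the kernel predates the reporting interface and the PTI patches, so treat it as vulnerable in any inventory built on this.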
So what exactly is it?
Yes, it is a security vulnerability. But to exploit it in the wild, attackers have to solve more sophisticated problems. I emphasize that to exploit it you need to solve harder problems than the information disclosure itself. Attackers who have an RCE in a browser, as used by exploit kits, would never use it. They will install malware. If it has no rights to run, they will use LPE exploits. That is easier than integrating Meltdown into a working solution.
So it is not a security problem. It is hype.
Got it from my blog securitywave.wordpress.com