This is how the Dutch government digitally camouflages sites deemed vital to national security from satellite surveillance on Google Earth. In this image, a NATO Storage Annex is hidden from view.
Koooooj: The security flaw allows a program to use speculative execution and caching to read data that should not be accessible.
Speculative execution is a technology where a processor is allowed to guess what the result of some slow check will be and to carry on down one path of execution. If the processor guessed right, hooray! Some time was saved. If it guessed wrong then all of that execution gets undone (“unwound”) and the processor continues down the correct path.
Caching is a technique where data is stored on the processor itself instead of in RAM. While RAM is incredibly fast by most standards, it’s slow compared to the CPU itself. In order to keep the CPU fed with data there’s a chunk of blindingly fast memory right on the processor itself. The CPU tries to keep data that’s used frequently in the cache.
One version of the bug plays out as follows:
1. Request a very slow check that’s going to fail but that the processor guesses will succeed.
2. Based on the assumption that that check succeeded, read some memory you’re not supposed to have access to.
3. If a certain bit of that illegally accessed memory is a 1, load one certain value from memory; otherwise, load a different value from memory.
4. Wait for the processor to figure out that it guessed wrong; steps 2 and 3 roll back. The check in step 1 was the security check, so the program doesn’t get killed by the OS for reading someone else’s memory.
5. Load each of the two values from step 3 and see which one loads faster. That tells you which value was loaded during speculative execution and thus tells you the value of the bit that you’re not supposed to have access to.
You can repeat that for every bit in a byte, every byte in a kilobyte, and so on. You can read whatever memory you want with this.
There are two other variants of the bug which play out somewhat similar but more complex.
This bug is especially bad because it exists at the hardware level. You can’t just fix the bug in the OS. What you *can* do is change the way that memory is tracked. This is brutal on the performance of the system, but it prevents the hardware bug from allowing you to access anything important.
2piSquared: Effectively, something as simple as a Javascript app on a web page is able, through analyzing your processor performance over time, to discern certain aspects of and even collect data from other processes. Meaning, if you have a malicious web site open, it can learn a concerning amount of information about what else you are doing on that machine at a given time.
This is a structural flaw. It can be patched with a firmware update, but it will also significantly slow down the processor, by erasing a lot of Intel’s innovation over the past decade.
What happened was that Intel’s signature processor design and the method they were using to augment chip performance was fundamentally flawed from the beginning.
sickofallofyou: One of them allows a hacker to read protected virtual memory (bad if you’re dealing with sensitive data, hacker can read your classified data), the other allows the hacker to use one infected low priority program to compromise a high priority secure program, AND the attempts by the secure program to secure itself actually make it an easier target.
Karmic_Backlash: Your CPU, Basically your computers brain, is not supposed to let programs alter read certain types of Ram, Which I will now call.
#***THE FORBIDDEN DATA***
The issue here is two fold, Almost all Intel CPU’s since 1995 have a bug that lets programs change the ***THE FORBIDDEN DATA*** (Good job Intel). This in and of itself if really bad. The bigger issue is that there is a big pile of evidence that says that they knew about this issue for years and never fixed it.
This was not helped by the CEO of Intel dropping a very large chunk of his shares in the company right before this information was announced.
The reasons this is bad is that your secret information like computer login information and hidden keys are held in ***THE FORBIDDEN DATA***. Which means that a particularly mean person could slip your computer a thingy that makes it tell the mean person all your secret information.
One last kick in the pants is that while this is technically possible to patch out, due to the fact that its your CPU thats being affected, the performance of said CPU will be knocked down a bit.
Raestloz: Essentially:
Your boss have a good secretary who are so good she can guess what you’d want when you ask her to do something, and she’d do it beforehand
Usually this is something benign like “can you arrange a meeting with boss?”, she’d respond with “I’ve already arranged it, here is the schedule”
But sometimes this secretary is far too good for herself, and would fetch documents based on her guesses.
By making a certain request, you can make this secretary guess that you’d need some secret files and fetch those files without thinking too much, and you’d be able to read those files
zoox101: There are already some great answers here, but this is a really important issue for everyone to understand, so I’m going to do my best to ELI5 it even further.
At it’s heart, your computer works just like a library. It’s constantly reading and moving information just like students read and move books. And just like any good library, your computer has a friendly librarian: Ms. Kernel.
Whenever you go to check out a book, you give Ms. Kernel the title and she goes to fetch it for you.
However, this library may contain some pretty secret stuff, so Ms. Kernel always checks to make sure you’ve got permission to read the book you’re asking for.
Back in the old days, Ms. Kernel had to do all the work herself, and as you might imagine, it was painfully slow. However, recently we’ve gotten better at designing computers that can do multiple operations at once, meaning that Ms.
Kernel now has a bunch of assistants helping her out. Yay!
This is great for the library, because now it can handle more people than ever before. However, it also creates a weakness that was only just discovered.
Here’s how it works…
You, a mischievous ne’er do well, want to read Suzie’s diary, which she keeps in the library. However, Suzie hasn’t shared her diary with you, so Ms. Kernel won’t let you check it out. So you decide to do something rather clever…
Rather than asking for the diary directly, you ask Ms. Kernel to do two things…
1. Fetch Suzie’s diary
2. Fetch a book where the first word in the title is the first word in Suzie’s diary
Now, back in the old days this wouldn’t have been a problem. The first thing Ms. Kernel would have done would be to ask Suzie if you could read her diary. When Suzie said no, Ms. Kernel would have stopped.
However the assistants make things more complicated.
To save time, Ms. Kernel asks one assistant to ask Suzie for permission while the other goes to find the two books you asked for.
When the first assistant tells Ms. Kernel that Suzie said no, the second one gives her the books which Ms. Kernel sets on her desk.
Ms. Kernel tells you that you can’t have the books. However, because they’re sitting on the desk, you can read the titles. The first one’s called “Suzie’s Diary” and the second one’s called “The Cat in the Hat”.
Because you asked for a book that has a title that begins with the same word as the first word in Suzie’s diary, you know that the first word in the diary must be “The”.
If you wanted to, you could repeat this process for every word in the diary, until you could read the whole thing.
The problem with this exploit is that it works in every library that has assistant librarians, which covers just about every modern processor out there.
The only real fix is to force the assistants to run the check before fetching the books, which will slow down the library as a whole.
The biggest issue is that the parallel processing (assistants) is leaving the cache (desk) in a different state than they found it, even though the permission check failed.
Thankfully, there isn’t any known malware that exploits this bug, but the safest thing to do is to update your devices as soon as a fix is released, to prevent then from being affected in the future.
The performance issue shouldn’t be a major problem for most personal devices (small library, few assistants) but will likely cause a performance decreases on larger machines (i.e. university supercomputers).
ameoba: I wouldn’t lose too much sleep over it. These flaws have been in every Intel chip made for the last 20+ years and we’re *just now* seeing proof of concept exploits for it come out.
Skipping over the non-ELI5 mumbo-jumbo, there’s a bunch of stuff going on under the hood that forces the memory used by different programs (and the OS) to be blocked off from each other. These exploits *possibly* allow you to see some traces of that memory.
Practically, it’s like saying that because somebody can shine a flashlight in through the keyhole in your front door, they might be able to read the diary you keep in your bedroom.