Meltdown and Spectre: Samsung Galaxy S7 vulnerable to Meltdown hack

Samsung's Galaxy S7 range of smartphones contained a security flaw that made it vulnerable to the Meltdown exploit, potentially putting tens of millions of users at risk of hacking.

Both the Meltdown and Spectre vulnerabilities first emerged in January this year, when it was disclosed that the majority of modern processors were susceptible to design flaws in their speculative execution. Meltdown, which mainly affects Intel processors, lets an unprivileged program 'melt' the hardware boundary between user-space and kernel memory and read kernel data it should never be able to see.

This would effectively mean criminals could gain access to user data they wouldn't normally be able to.

Researchers from Graz University of Technology in Austria revealed to Reuters this week that they had discovered a way to exploit this vulnerability on S7 smartphones, devices that were previously thought to be immune.

Alongside Intel processors, those based on the ARM architecture and a handful of IBM chips were also found to be vulnerable. Samsung has always used a combination of Qualcomm (for US devices) and in-house Exynos chips in its smartphone line, the latter being ARM-based and therefore vulnerable in theory.

"There are potentially even more phones affected that we don't know about yet," said researcher Michael Schwarz, speaking to Reuters. "There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know."

Samsung said it had already released a patch to fix the exploit. There are no known reports of Samsung devices being exploited in this way in the wild, however, the patch was only made available last month, which could mean there are millions of devices still vulnerable.

"Samsung takes security very seriously and our products and services are designed with security as a priority," said a Samsung spokesperson, in a statement to Reuters.

Rob Shapland, principal cyber security consultant at Falanx Group, told IT Pro: "While it was initially thought not to affect the Samsung Galaxy S7, new research that will be published at the Black Hat conference shows that it is possible to exploit the S7, and quite possibly many other devices, to steal information.

"For Samsung users, the fix is simple, as the company have already released a patch to fix the problem. This will be installed by anyone running an update on their phone, but it can take a while for people to do this. There are no known examples of the vulnerability being used on Samsung devices as yet, but it is still very important that owners of the S7 ensure their phone is up to date."

Samsung reportedly sold as many as 48 million S7 units within the first year of its launch, and it's thought 30 million are still in use.

Spectre attack modified to read System Management Mode memory

The Spectre CPU vulnerability can be exploited to read memory belonging to System Management Mode (SMM), a highly privileged operating mode of Intel x86 processors that was previously thought to be out of reach of the critical flaw.

Yuriy Bulygin, the former head of Intel's advanced threat research team, explored the vulnerability in research conducted by his new security company, Eclypsium. He modified a Spectre variant 1 attack so that it ran with kernel privileges, to see whether it could reach into a system's firmware and uncover code and data in SMM, which is supposed to be an isolated region of the BIOS or UEFI firmware. The isolation is strong enough that even kernels and hypervisors are prevented from accessing it.

In normal operation, a System Management Interrupt (SMI) switches the CPU into SMM: the operating system is suspended while firmware code handles critical tasks such as power management or hardware control, after which control is handed back. SMM code and data live in a memory region (SMRAM) that the CPU's range registers hide from all software running outside SMM, which is why it is normally regarded as the most privileged and least accessible part of the system.

However, Bulygin's research revealed that the modified Spectre variant 1 code, exploiting the flaw known as CVE-2017-5753, was able to read memory inside the SMM region despite those protections.

"These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," the report explained. "This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM."

The researchers said that although this research relates to Spectre variant 1, variant 2 could be modified in the same way, resulting in a similar vulnerability.

Intel commented that patches rolled out for the original flaws will be enough to protect against these new vulnerabilities.
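To make "modified Spectre variant 1" concrete, the following is an added example written for this page; it is not Eclypsium's or Intel's code and it performs no cache timing. It shows the bounds-check-bypass gadget shape that CVE-2017-5753 abuses, next to the branchless index-masking mitigation (the same idea as the Linux kernel's array_index_nospec), so that the index fed to the load is safe whatever the branch predictor guesses. The 16-byte table, the fill values and the "protected region" string placed after it are constructed assumptions standing in for SMRAM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed layout: a 16-byte table that the victim indexes, followed in
 * memory by data the attacker must not read. In the Eclypsium case the
 * protected region is SMRAM; here it is just a string in the same program. */
static uint8_t table[TABLE_LEN];
static const char protected_region[] = "constructed-secret-not-for-reading";

/* Populate the table with recognisable values (i * 3) so lookups can be checked. */
static void fill_table(void) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        table[i] = (uint8_t)(i * 3);
}

/* VULNERABLE shape (variant 1, CVE-2017-5753): the bounds check is a branch.
 * Architecturally the out-of-bounds read never retires, but while the branch
 * outcome is still being predicted the CPU may speculatively execute the body
 * with idx >= len, load table[idx] from beyond the table, and leave a cache
 * footprint that depends on that byte. Nothing here measures the footprint;
 * the shape is the point. */
static uint8_t lookup_vulnerable(size_t idx, size_t len) {
    if (idx < len)
        return table[idx];          /* speculatively reachable with a bad idx */
    return 0;
}

/* Branchless clamp: returns idx unchanged when idx < len and 0 otherwise,
 * computed with pure unsigned arithmetic so the result does not depend on
 * any branch prediction.
 * Precondition: len >= 1 and both idx and len are below 2^(bits-1). */
static size_t index_nospec(size_t idx, size_t len) {
    const unsigned top = sizeof(size_t) * 8 - 1;
    /* (len - 1 - idx) wraps to a huge value, setting the top bit, exactly when
     * idx >= len; OR-ing with idx also catches an idx whose top bit is set. */
    size_t out_of_range = (idx | (len - 1 - idx)) >> top;   /* 1 if idx >= len */
    size_t mask = out_of_range - 1;          /* all ones if in range, else 0 */
    return idx & mask;
}

/* HARDENED shape: the branch still exists for correctness, but the index used
 * for the load is masked, so even on a mispredicted path the load stays inside
 * the table and no out-of-bounds byte can influence the cache. */
static uint8_t lookup_hardened(size_t idx, size_t len) {
    if (idx < len) {
        idx = index_nospec(idx, len);
        return table[idx];
    }
    return 0;
}

int main(void) {
    fill_table();
    printf("in range  : vulnerable=%u hardened=%u\n",
           lookup_vulnerable(5, TABLE_LEN), lookup_hardened(5, TABLE_LEN));
    printf("out-of-range index 1000 is masked to %zu\n",
           index_nospec(1000, TABLE_LEN));
    printf("(protected region at %p is never dereferenced architecturally)\n",
           (const void *)protected_region);
    return 0;
}
```

Intel's guidance for variant 1 is either a serialising instruction (LFENCE) after the check or exactly this kind of masking; the masking form is preferred in hot paths because it costs one subtraction and an AND rather than a pipeline drain.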

13/07/2018:Chrome 67 comes with a memory hogging Spectre fix

Google's Chrome 67 has gained the Site Isolation feature, which aims to protect against Spectre vulnerabilities and similar side-channel attacks. Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. This allows Chrome to rely on the operating system to prevent attacks between processes.

It also renders cross-site iframes in their own processes (out-of-process iframes), so a Spectre side-channel attack running in one site's renderer process finds far less data belonging to other sites within its own address space.

"In Chrome 67, Site Isolation has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS. Given the large scope of this change, we are keeping a 1% holdback, for now, to monitor and improve performance," Google Chrome team member Charlie Reis explained.

"This means that even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much fewer data available to the attacker. This significantly reduces the threat posed by Spectre."

However, such protection comes at a cost. Site Isolation causes Chrome to create more renderer processes, and Google says these "performance tradeoffs" amount to roughly 10-13% total memory overhead in real workloads because of the larger number of processes. This is notable because Chrome is already known to be quite a memory hog compared with other, less resource-hungry browsers.

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.