In the first week of 2018, Meltdown and Spectre were publicly disclosed. The news of these vulnerabilities led to shockwaves across the world, with consumers and businesses terrified about their security posture and potential to be compromised.

在2018年的第一周， Meltdown和Spectre被公开披露。 这些漏洞的消息在世界各地引起了冲击， 消费者和企业对其安全状况和潜在的威胁感到震惊。

To understand why these vulnerabilities were such a problem, we need to understand what makes them unique. Although there are hundreds of new vulnerabilities reported every day, the vast majority of them are in the software. This includes the operating system (such as Windows 10, macOS, android, or iOS) or the web browser you are using (such as Chrome or Mozilla).

要了解为什么这些漏洞是一个问题，我们需要了解是什么使它们独特。 尽管每天都有数百个新漏洞被报告，但其中绝大多数都存在于软件中。 这包括操作系统(例如Windows 10，macOS，android或iOS)或您正在使用的网络浏览器(例如Chrome或Mozilla)。

When a software vulnerability is disclosed, developers can debug and diagnose what is causing the aberrant behaviour, fix the code that caused the vulnerability in the first place, and finally, release the patched version of the software to make it available immediately to everyone in the world.

披露软件漏洞后，开发人员可以调试和诊断导致异常行为的原因，首先修复导致漏洞的代码，最后发布该软件的修补版本，以使该漏洞立即可供所有人使用。世界。

Meltdown and Spectre, however, are hardware vulnerabilities. More specifically, these vulnerabilities are due to issues with the design choices and features of the hardware (in this case, the CPU chip). Depending on the vulnerability in question, proper safeguards on the software level might even be circumvented. This means that it may not be possible to “patch” the CPU at all; the only way to ensure security might be to buy a completely new CPU!

但是，Meltdown和Spectre是硬件漏洞。 更具体地说，这些漏洞是由于硬件(在本例中为CPU芯片)的设计选择和功能方面的问题引起的。 根据所讨论的漏洞，甚至可能会绕过软件级别的适当保护措施。 这意味着可能根本无法“修补” CPU。 确保安全的唯一方法可能是购买全新的CPU！

Although Meltdown and Spectre are sometimes considered a single vulnerability, it is more correct to think of them as a family of vulnerabilities that depend on specific features of modern CPUs. Meltdown relies on a feature called “out-of-order execution”. This feature allows an unprivileged user process to read the private memory of a different process, such as other applications of the kernel of the OS itself. This private memory may contain secrets or passwords.

尽管Meltdown和Spectre有时被视为单个漏洞，但将它们视为依赖现代CPU特定功能的一系列漏洞更为正确。 Meltdown依赖于一种称为“ 乱序执行 ”的功能。 此功能允许无特权的用户进程读取其他进程的私有内存，例如OS自身内核的其他应用程序。 此私有内存可能包含机密或密码。

Spectre, on the other hand, relies on speculative execution. Spectre works by allowing an unprivileged user to leak the memory of a different process, even if the process in question is perfectly written without any bugs and follows best practices. In fact, a well written program is MORE susceptible to Spectre-type vulnerabilities because best practices means more safety and error checking! Both of these are examples of side-channel attacks. A side-channel attack is one that relies on information inferred about the data in a computer based on its implementation, and indirectly-related signals such computation timing, cache monitoring, and power monitoring.

另一方面，Spectre依靠推测执行 。 Spectre通过允许无特权的用户泄漏其他进程的内存来工作，即使所讨论的进程编写得很完美，没有任何错误并遵循最佳实践。 实际上，写得好的程序更容易受到Spectre型漏洞的影响，因为最佳实践意味着更多的安全性和错误检查！ 这两个都是旁道攻击的例子。 边信道攻击是指依靠基于其实施方式推断出的有关计算机中数据的信息以及与计算时间，高速缓存监视和电源监视等间接相关的信号来进行的攻击。

While Spectre and Meltdown may be the most famous examples of hardware vulnerabilities, they are far from the only ones. Throwhammer and RAMBleed, for example, are vulnerabilities that take advantage of how memory (SDRAM) chips are manufactured. They belong to a family of vulnerabilities known as Rowhammer attacks. These are caused by a hardware design flaw in the chip. Normally, a memory chip is made up of memory cells arranged in a grid pattern. These cells store the value of a single bit (0/1). A high voltage corresponds to a 1 and a low voltage corresponds to a 0. In 2014, researchers found that if the same row of cells were repeatedly read over and over again, an electrical charge will be created that flips the bits in the adjacent rows. This means that theoretically, it is possible to use this attack to modify the data of other processes i.e. either corrupt or manipulate data.

尽管Spectre和Meltdown可能是最著名的硬件漏洞示例，但它们远非仅有。 例如，Throwhammer和RAMBleed是利用内存(SDRAM)芯片制造方式的漏洞。 它们属于一系列称为Rowhammer攻击的漏洞。 这些是由芯片中的硬件设计缺陷引起的。 通常，存储芯片由以网格图案布置的存储单元组成。 这些单元格存储单个位的值(0/1)。 高电压对应于1，低电压对应于0。在2014年，研究人员发现，如果一遍又一遍地重复读取同一行单元，将产生电荷，从而翻转相邻行中的位。 这意味着从理论上讲，可以使用此攻击来修改其他进程的数据，即破坏或操纵数据。

Throwhammer is a vulnerability that allows rowhammer attacks to be carried out over a network due to the Remote Direct Memory Access (RDMA) feature of server-grade network cards. RAMBleed is a variant that combines Rowhammer with a side-channel attack to make it possible to steal data from adjacent memory cell rows, rather than just modifying it.

Throwhammer是一个漏洞，由于服务器级网卡的远程直接内存访问(RDMA)功能，它允许通过网络进行行锤攻击。 RAMBleed是将Rowhammer与侧通道攻击结合在一起的一种变体，可以从相邻的存储单元行中窃取数据，而不仅仅是对其进行修改。

When a vulnerable design choice or feature is discovered, the offending feature is investigated more thoroughly by security researchers, and more variant vulnerabilities are usually discovered over time. Meltdown, for example, has at least 6 variants, while Spectre has at least 9. This time lag can result in negative PR for the companies involved. Furthermore, the research into Meltdown and Spectre eventually led to the discovery and categorisation of “Microarchitectural Data Sampling (MDS) attacks” after finding two new families of vulnerabilities: Fallout and RIDL.

当发现易受攻击的设计选择或功能时，安全研究人员会更彻底地调查有问题的功能，并且通常会随着时间的推移发现更多的变体漏洞。 例如，Meltdown至少具有6个变体，而Spectre至少具有9个。这种时滞可能导致所涉及公司的 PR 下降 。 此外，对Meltdown和Spectre的研究在发现了两个新的漏洞家族(辐射和RIDL )之后，最终导致了对“ 微体系结构数据采样(MDS)攻击 ”的发现和分类。

These are similar to Meltdown/Spectre in that they are side-channel attacks and can be used to leak passwords and secrets. They take advantage of MDS to expose data leaving internal CPU buffers, which can include non-cached data. While Meltdown and Spectre depend on knowing which CPU chipset is used by the machine to successfully exploit the vulnerability, Fallout and RIDL does not require such information. This makes it much harder to mitigate these vulnerabilities. The best way to mitigate this vulnerability is to disable hyperthreading on all CPUs, which may result in a noticeable performance drop.

这些与Meltdown / Spectre相似，因为它们是旁道攻击，可用于泄漏密码和机密。 它们利用MDS公开了离开内部CPU缓冲区的数据，其中可能包括非缓存的数据。 虽然Meltdown和Spectre取决于知道机器使用了哪个CPU芯片组来成功利用此漏洞，但Fallout和RIDL不需要此类信息。 这使得缓解这些漏洞变得更加困难。 缓解此漏洞的最佳方法是在所有CPU上禁用超线程 ，这可能会导致性能显着下降。

Most vulnerabilities take advantage of a specific application with vulnerable code. Anti-virus tools usually work by comparing the contents of each file with a database of malicious code signatures. If there is a match, that file is considered to be malicious. In contrast, the attacks discussed so far can be abused as part of any piece of software that runs on a machine, not necessarily a malicious, pre-compiled application binary. This makes them extremely hard to be discovered by anti-virus solutions (But it is not impossible). Furthermore, most hardware vulnerabilities do not leave any trace in any log files as it bypasses most of the software layer.

大多数漏洞利用带有易受攻击代码的特定应用程序。 防病毒工具通常通过将每个文件的内容与恶意代码签名的数据库进行比较来工作。 如果匹配，则认为该文件是恶意文件。 相反，到目前为止讨论的攻击可以作为在计算机上运行的任何软件的一部分(不一定是恶意的，预编译的应用程序二进制文件)滥用。 这使得它们极难被反病毒解决方案发现( 但这并非不可能 )。 此外，大多数硬件漏洞绕过大多数软件层，因此不会在任何日志文件中留下任何痕迹。

While it may be difficult to prevent this kind of attack being possible, they are quite difficult to pull off in practice. This is because they usually require local code execution to be possible. Also, it may take a combination of vulnerabilities to steal actionable data; a single vulnerability by itself may not be able to accomplish much. These attacks are also usually very slow, and thus require a prolonged period of exposure to allow an attacker to steal/corrupt data. Meltdown, for example, can only read memory at ~120 KB/s.

虽然可能很难阻止这种攻击，但在实践中很难实现。 这是因为它们通常要求可以执行本地代码。 此外，窃取可操作数据可能需要结合多种漏洞； 一个漏洞本身可能无法完成很多工作。 这些攻击通常也很慢，因此需要长时间暴露，以使攻击者能够窃取/破坏数据。 例如，Meltdown只能以〜120 KB / s的速度读取内存。

Mitigating hardware vulnerabilities can be troublesome due to the lack of one-size-fits-all solutions. Depending on the hardware, the vendor, and the variant of the vulnerability, the mitigations will be different. This makes it very difficult to know if you are affected without doing some research. Furthermore, when a new family of vulnerabilities is discovered, mitigation might mean sacrificing performance (or money if you need to replace hardware).

由于缺乏一种一刀切的解决方案，减轻硬件漏洞可能会很麻烦。 根据硬件，厂商和漏洞的变体，缓解措施将有所不同。 如果不做一些研究，就很难知道您是否受到影响。 此外，当发现一个新的漏洞家族时，缓解措施可能意味着牺牲性能(或者如果需要更换硬件，则是金钱)。

Although mitigation is tough, it is not impossible. It starts with having thorough knowledge of all your hardware assets. This allows us to check if there is a new security advisory or a patch available. By looking at what data is most critical and sensitive, we can add layers of security and monitoring controls to protect that data i.e. practicing defence-in-depth. This may make it uneconomical for you to be targeted.

尽管缓解措施很困难，但并非不可能。 首先要全面了解所有硬件资产。 这使我们可以检查是否有新的安全公告或补丁。 通过查看哪些数据最关键和最敏感，我们可以添加安全保护层和监视控件以保护该数据，即进行深度防御 。 这可能会使您成为目标不经济。

Defence-in-depth allows the defender more time to determine who the attacker is. In cases where resources are not a concern for the attacker, it may not be possible to stop the attacker. However, the extra time may allow you to determine who the attacker is. When a new vulnerability is discovered, the most important thing is to mitigate immediately. Most software vendors will quickly release instructions on how to do this.

纵深防御使防御者有更多时间确定攻击者是谁。 在攻击者不关心资源的情况下，可能无法阻止攻击者。 但是，额外的时间可能使您可以确定攻击者是谁。 发现新漏洞时，最重要的是立即缓解。 大多数软件供应商将Swift发布有关如何执行此操作的说明。

Additionally, as most hardware vulnerabilities require local execution, it is extremely important to have good physical security. Do not leave your computer/phone anywhere public as it can be easily tampered with. Do not leave your devices turned on and idle for extended periods of time, as most of these attacks are quite slow. Hardware vulnerabilities are a very thorny problem that will only get worse as computers, phones, and IoT devices become increasingly ubiquitous. Vigilance and a proactive approach are the best tools in this fight.

此外，由于大多数硬件漏洞都需要本地执行，因此拥有良好的物理安全性极为重要。 请勿将计算机/电话放在公共场所，因为它很容易被篡改。 由于大多数攻击速度都很慢，因此请勿长时间打开设备并保持空闲状态。 硬件漏洞是一个非常棘手的问题，只会随着计算机，电话和物联网设备的普及而变得越来越严重。 保持警惕和采取积极主动的态度是这场斗争的最佳工具。