Two New Variants of Spectre Discovered

Security researchers have discovered two new variants of Spectre 1 that can be used to compromise systems running AMD, ARM, and Intel chips.

According to researchers, Spectre 1.1 is a sub-variant of the original Spectre Variant 1 that leverages speculative stores to create speculative buffer overflows. Spectre 1.2 depends on lazy page table entry (PTE) enforcement, the same mechanism on which the Meltdown flaw exploitation relies.

Spectre is not a single vulnerability; it's a class or family of flaws that have their origin in the way modern processors work. To be faster, modern chips speculate what will be executed next, which reduces time and makes the overall operation much faster. "At the program level, this speculation is invisible, but because instructions were speculatively executed they might leave hints that a malicious actor can measure, such as which memory locations have been brought into cache," Intel wrote in a whitepaper.

That's exactly what bad actors exploit. Two security researchers who discovered these new variants wrote in their research paper (https://arxiv.org/pdf/1807.03757.pdf ), "Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently demonstrated Spectre attacks leverage speculative loads that circumvent access checks to read memory-resident secrets, transmitting them to an attacker using cache timing or other covert communication channels."

Unlike earlier, when Intel kept the news under wraps (https://www.theverge.com/2018/2/23/17043768/intel-meltdown-spectre-no-us-goverment-warning), this time the chip maker responded by rewarding researchers $100,000 for the discovery. The company is reportedly working on a Microsoft Windows-like update cycle to allow better testing and deployment of patches. The previous efforts to patch Meltdown and Spectre led to broken systems that prompted companies like Red Hat to roll back updates.

SUSE Sold for $2.5 Billion

SUSE is like a seasoned football player who changes ownership after a few successful seasons. This time the Swedish group EQT is buying SUSE from British-owned Micro Focus. This is the fourth sale of SUSE since its inception in 1992, a year after Linus Torvalds announced the Linux kernel.

What's different this time is that SUSE is being acquired by an investment firm and not a tech company. SUSE CEO, Nils Brauckmann, sees this as a move towards independence, with the company charting its own course instead of being a business unit of another tech company. "By partnering with EQT, we will become a fully independent business," said Brauckmann. "Together with EQT, we will benefit both from further investment opportunities and having the continuity of a leadership team focused on securing long-term profitable growth combined with a sharp focus on customer and partner success."

SUSE is well aware of the fact that the open source community will be keeping a close eye on this development. In a Hangout chat, Richard Brown, openSUSE board chairman and the face of the openSUSE community, told me that he received a phone call from Brauckmann updating him with the news and also reassuring him that nothing will change when it comes to open source and community engagement.

"As a SUSE employee, I'm excited about my employer's new owners. As an openSUSE contributor, I'm not only excited, but thrilled at the proactive steps SUSE has taken to reassure the community, which really shows just how well SUSE understands how to operate as part of the open source world," Brown said.

In case you are curious, EQT is an investment firm with approximately EUR50 billion in raised capital across 27 funds. EQT has portfolio companies in Europe, Asia, and the US with total sales of more than EUR19 billion and approximately 110,000 employees.

Sonic and Ultrasonic Signals Can Crash Your Hard Drive

Imagine an episode of Mr. Robot where Elliot could crash the target hard drive remotely using ultrasonic signals. This story is closer to reality than it seems.

Security researchers from the University of Michigan and Zhejiang University in China have published a paper (https://spqr.eecs.umich.edu/papers/bolton-blue-note-IEEESSP-2018.pdf )that demonstrates that the latest hard drives can be crashed using sonic and ultrasonic signals.

Attackers can exploit the vulnerability to destroy hard drives of targets. "Adversaries without special-purpose equipment can cause errors in the hard disk drive using either audible or ultrasonic acoustic waves. Audible waves vibrate the read/write head and platters; ultrasonic waves alter the output of the HDD's shock sensor, intentionally causing the head to park," said researchers.

You don't need specialized devices to produce these signals. The sound can be created by the speakers of the laptop itself.

"Our tests have measured a Dell XPS 15 9550 laptop's output to be as high as 103 dB SPL from 1cm away from the laptop. We have observed write blocking using signals as low as 95.6 dB SPL. This demonstrates the possibility of using the laptop's own speakers to attack its own hard disk drive," said the researchers.

So, pay attention to sounds in your surroundings.