We’re all getting quite the lesson in “speculative execution” today, and why faster isn’t always better.
It’s the oldest story in technology — and perhaps in human existence. In a race to make things faster and better and stronger, we’ve once again stumbled into danger, or flown too close to the Sun. (Icarus would tell you this is a very old problem.)
Technology companies are obsessed with speed — and let’s face it, so are consumers. So engineers pick over every piece of software and hardware, constantly pushing the boundaries of execution. Many, many ingenious techniques have arisen as a result. Without this drive, we couldn’t do many of the things we do today, such as summon a car and driver with a hand-held gadget.
On the other side of the equation, however, nowhere near that kind of energy has been put into keeping us safe. That’s just the nature of progress, and of greed.
By now you know that security researchers have found a serious flaw the impacts most devices, computers, and networks. Two attacks, named Spectre and Meltdown, make computers and gadgets cough up their most sensitive data in their most fundamental and exposed memory spaces. At the center of the Spectre flaw is a brilliant technique called “speculative execution.”
When you use a gadget, you often switch back and forth between asking for things and pausing (and, so does the software in your gadget). Years ago, engineers realized that these pauses were an opportunity, and designed a way to take advantage of this idle time guessing what you want to do next. If you’ve ever screamed in frustration when Microsoft Word automatically makes a bulleted list of things you don’t want in a bulleted list, you know such guessing — speculating – isn’t always perfect. But do it a zillion times a day and you will get it right often enough to generate a real performance improvement. Even if you take a lot of wrong turns along the way. It’s a very real-world version of Yogi Berra’s famous aphorism, “When you come to a fork in the road, take it.”
It’s those wrong turns that researchers have learned to exploit. The “forks” that processors take which turn out to be incorrect are full of rich, sensitive data — even passwords. The data is in raw, unencrypted form for processing. Normally, that wouldn’t be a problem. Data processed in the most fundamental memory space in a computer, the kernel, is generally protected by the strongest security measures, walled off even from other applications. And that’s still true: for all the right forks in the road. But researchers have recently learned that wrong-turn data isn’t quite as secure, and for the brief time that it exists before it is deleted, it can be tricked into divulging its secrets. Worse yet, computers can be tricked into taking specific wrong turns, something the researchers call “transient instructions.”
The flaw is important because it happens at the level of chip architecture. That means virtually all computers, phones, or almost anything with a modern computer chip are vulnerable.
The consequences are severe, says Google in its announcement of the flaw.
“An unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications,” it said. “These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.”
Massive patching efforts are underway. If you have an Android phone, a recent over-the-air security update has protected you already, as long as you’ve installed it. There will be a cost, however. Gadgets with the security update will operate more slowly, thanks to the digital equivalent of a yellow caution flag going up inside your gadgets. Most probably won’t notice the slowdown.
But will developers actually slow down in the name of safety? Authors of the paper on one of the two named attack techniques — Spectre — don’t hide their feelings about the issue.
“There are trade-offs between security and performance. The vulnerabilities in this paper, as well as many others, arise from a longstanding focus in the technology industry on maximizing performance,” they write. “As a result, processors, compilers, device drivers, operating systems, and numerous other critical components have
evolved compounding layers of complex optimizations that introduce security risks. As the costs of insecurity
rise, these design choices need to be revisited, and in many cases alternate implementations optimized for security
will be required.”