From now on every week I will try to publish an article under the name ‘Sup Infosec?’ Where I will write about interesting tools, information, or crazy stories other than data breaches or some undervalued topics in security. I will try my best so that everyone could understand. In this article, the topics/stories are
- Google releases PoC for Spectre-proof web
- Morpheus “The impenetrable chip”
Google releases PoC for Spectre-proof web
Google’s security research team Project Zero on March 12 released PoC (Proof of Concept) for Spectre-based web exploit. A bit of back story about Spectre, it is a hardware vulnerability in CPU chips like Intel and AMD, which allows a malicious actor to read and manipulate program control flow. This vulnerability was released by Google’s project zero in the year 2018 along with another vulnerability called Meltdown.
After disclosing this vulnerability, a white paper was made on how one could potentially steal browser memory by simply visiting a website. Now Google made a website based on the white paper which demonstrates this attack that allows malicious actors to read browser memory via a code that triggers attacker-controlled transient execution and a way to observe side effects of the transient execution, naming them as A Spectre Gadget and A side-channel attack respectively. I am attaching a demo of this attack in action.
- website link: https://leaky.page/
- They made it opensource and you can find the repository link at their Github
And the information will be leaked at speeds of 1kb/s while using Chrome 88 on Intel Skykale CPU. It differs from browser to browser and the CPU being used on my laptop with Intel Core i5–7th gen with chrome 89. The rate at which memory was being leaked was 254B/s or 0.25kB/s.
How does one mitigate it from being abused by malicious actors? Mitigation could be difficult in this situation as the vuln exists in the very hardware of your system. Unless if you have the capability to change your CPU to the latest chips/hardware, you are kinda safe. But there is one thing a web developer can do is isolate their sites.
For more details, you can read their report on their blog ▬ Link
Meet Morpheus “The impenetrable chip”
On April 17, 2019, the University of Michigan backed by US DARPA made a microprocessor Morpheus deemed to be “impenetrable” and is tolerant of any vulnerability. In general, when we or malware tries to hack a server/device, it tries to escalate its privilege or try to manipulate control flows or code injections, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program’s execution that allows to pwn it. We then call these vulnerabilities, and then we try to rewrite the code or change its implementations to avoid being pwned. This process is never-ending where one has to find errors/vulns and others try to correct them.
So what makes Morpheus ‘impenetrable’? Morpheus uses a complex layer that obfuscates/encrypts and then randomizing (Churn) the data for every 50ms which forces attackers to probe the system before an attack. With randomizing data for every 50ms it would attempt to attack harder as the fastest chip could execute its attack vector, it would take more than 50ms, by then the location of data/pointer would have been changed by then attempting to attack would be useless.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”- Todd Austin, The University of Michigan.
Morpheus doesn't address every vulnerability in general but it greatly reduces the chance of a vulnerability being exploited as data moves which reduces the attack surface.
With a bounty prize of $10,000 for every vulnerability found in Morpheus, more than 500 security researchers have tried and are still trying to pwn it even after 2 years. Could this chip be truly ‘impenetrable’ and be the gateway to more secure devices than ever? Only time would answer it as everything has a hidden or overlooked x-factor that has the potential to break its absolute true nature. If you want to read more about it, you can find the paper on Morpheus, use this Link.
I will post more interesting stories for the second article in this series. Hope you might have found something interesting.
Feedback is much appreciated. Do let me know how was the article on @Krishnasai_456
Stay safe, stay tuned till next time ❤