Ask HN: Real-World Breaches from Speculative Execution Vulns?
For years we’ve been reading about how vulnerable so many computer systems, especially ones using Intel and AMD processors, are highly vulnerable to speculative execution attacks such as Spectre, Meltdown, Foreshadow and Fallout. Numerous demonstrations of the feasibility of these attacks have been published, seemingly showing their practicality (even in JavaScript). Microcode updates that partially mitigate them have meant significant performance slowdowns, also suggesting their practicality. Are there many cases where these vulnerabilities have led to actual security breaches of real-world systems?
7 comments
[ 3.8 ms ] story [ 27.3 ms ] threadAnd even if something were detected -- say, someone stole a password and then used it to break in, and that break in were detected; or someone set up a phishing webserver that had the real private SSL certificate -- how would you know whether the password or cert was stolen via speculative execution, or whether it was socially engeneered, guessed or brute forced (in the case of a password), leaked by a disgruntled employee, or stolen by traditional hacking methods (in the case of a cert)?
EDIT: If by "publicized hack", you mean the hacker(s) themselves made a public claim about having used speculative execution, then no, I haven't personally heard of such an instance.
I've never seen them in the wild.
Second is that for the most vulnerable attack scenarios, they were mitigated long before the public release of Spectre and Meltdown. The big one was cloud computing - attackers being able to exfiltrate data from VMs running on the same host. Microsoft, Amazon and Google had many months in which to roll out updates to their infrastructure that enhanced VM isolation. Similar for browser vendors, for example Chromium introducing Site Isolation. And operating system developers - mitigations for Windows kernel and Linux were being tested for months before public disclosure.