CPU Security Flaws MELTDOWN and SPECTRE in the Console Realm *spawn*
- Thread starter iroboto
- Start date
D
Deleted member 11852
Guest
To be clear, all consoles are impacted by this. AMD cores are less susceptible, not immune.
To be clear, his exact words are:
The security architecture of Xbox already _mitigates_ against the recent chip-related security vulnerabilities.
Yes, he's not saying AMD makes them immune, but XB1's security overall isn't affected.
Edit: Why is this in the KB+M thread??
D
Deleted member 11852
Guest
I'm just clarifying that mitigate means to lessen. The papers published and comments made by AMD, Apple, ARM and Intel detail the problem in sufficient detail that it's known there is no definitive fix to most processor cores without an impact to performance. Microsoft will certainly have deployed the same patches to Xbox One's hypervisor as they have to their other software. Fuller solutions have yet to be deployed - then the performance impact will be known.
Of all products that might be targeted with a compromise, consoles are likely on the bottom of that list given the limited avenues for new software to be deployed on them and that there is very little sensitive data is every stored on them.
I don't think that's what they're concerned about. MS and Sony should maybe be more concerned about these flaws being used to abuse/crack/hack their console into the sea of pirates. All it takes is to pick up the $100 Self-Dev License and flip the Xbox One console into Developer mode and then the hackers can run whatever exploits they want and try to glean more super secret sauce from the Console OS. Though maybe Sony isn't too worried because they already had their entire 4.05 kernel dumped (16 bytes at a time).
EDIT: They also might not be concerned about Games breaking out but more of the Apps breaking out, since the games already need to undergo certain certification steps. On the MS side they're already in a UWP confined space, so perhaps adding more protection to that wouldn't have any consumer-facing impacts unless there are Games running under the UWP framework.
D
Deleted member 11852
Guest
I'm sure there is a degree of piracy on the console market but, judging by the sales numbers of most games, it's marginal at most. As for hackers, they'll be trying to crack the systems regardless and not necessarily for any malevolent intent.
But to what end? To get rogue code onto the console it either has to be done by the user themselves utilising another exploit, or it has to slip through the certification programmes of Microsoft and Sony. Discovery would lead to instant developer rights banishment and you'd have to invest in developing a genuinely appealing application concealing the rogue code to begin with. And for what?
I don't get it. Exploits on desktop computers and phones are worrisome because people store the most sensitive information in their lives on those devices, sufficient information to commit convincing identify fraud or even access banking information. Who has that kind of information on a console? The payoff has to be worth the effort.
Danny Ocean wouldn't have assembled Brad Pitt, Matt Damon and Don Cheadle to steal your Xbox Live account details
yesterday's xkcd
Last edited by a moderator:
There's a number of possible factors that could go into that claim.
AMD seems insistent that none of its cores perform the sort of speculation that leads to Meltdown.
In terms of the kernel, there's 2 or 3 depending on how one considers the hypervisor.
The game partition has its OS, and effectively one user process space. The bulk of the Spectre scenarios involve leaking data from other processes within an OS without leaving the current privilege level.
Leaking into another OS, be it the application or hypervisor one, is outside the scope of Spectre as we know it.
Some variations on getting the kernel to mispredict and run the wrong code can be partially mitigated from within the application or game partition for a subset of services that either console maker might be running behind some kind of queue or API and might be running on a reserved CPU.
Microsoft, by using some form of Windows, is likely using KASLR in some of the partitions. The PS4 jailbreak has indicated that for some time Sony hasn't bothered with KASLR. I believe its virtualization is container-based which to my recollection might not be sufficient to isolate domains to prevent Spectre.
There is a potential in specific areas like decoding media that Sony has hidden behind a secure API and other services that might run on the reserved core, helping mitigate certain forms of Spectre.
AMD seems insistent that none of its cores perform the sort of speculation that leads to Meltdown.
In terms of the kernel, there's 2 or 3 depending on how one considers the hypervisor.
The game partition has its OS, and effectively one user process space. The bulk of the Spectre scenarios involve leaking data from other processes within an OS without leaving the current privilege level.
Leaking into another OS, be it the application or hypervisor one, is outside the scope of Spectre as we know it.
Some variations on getting the kernel to mispredict and run the wrong code can be partially mitigated from within the application or game partition for a subset of services that either console maker might be running behind some kind of queue or API and might be running on a reserved CPU.
Microsoft, by using some form of Windows, is likely using KASLR in some of the partitions. The PS4 jailbreak has indicated that for some time Sony hasn't bothered with KASLR. I believe its virtualization is container-based which to my recollection might not be sufficient to isolate domains to prevent Spectre.
There is a potential in specific areas like decoding media that Sony has hidden behind a secure API and other services that might run on the reserved core, helping mitigate certain forms of Spectre.
To be clear then, this isn't about people gaining access through secret little programmes, but about programs running on the system being able to hijack it. So the only worry is if some published game is screwing around trying to hack your console? The fear here is that, post Lootboxgate, EA is going to try to steal your credit card details directly?
D
Deleted member 11852
Guest
The researchers demonstrated Spectre can be utilised to undermine the integrity of virtual machines and sandboxes, the extent of the compromises aren't yet known because it's more complex to achieve. Everybody is freaking out over Meltdown because it looks worse. It looks worse because it is fully understood. How far Spectre reaches isn't fully known and is far more complicated to fix. It may never be fixed until new processor designs.
Right now, it's just fear fuelled by poor media coverage. Well it's not all bad, but mostly. Every device you own is full of exploits but they're not an issue unless somebody is trying to exploit them. For somebody to want to do that there needs to be a reason and a vector of attack. Consoles are not good targets for either. Established games publishers are not going to be doing this. No, not even EA.
The only information of worth on a console is probably your credit card and login details for any services you use. So not really much. Well not on PlayStation, I don't know what the UWP application scene on Xbox One is like. The ability to run UWP apps both increases the vector of attack (a rogue UWP app) and possibly increases the likelihood that somebody has more sensitive information on their console in another UWP app.
It still seems pretty far fetched. Why go through all the hurdles of getting an rogue app on a relatively small console base when there are juicy pickings to be had with smartphones and desktop operating systems?
Last edited by a moderator:
Neither type of attack on its own can hijack the system, as they only leak data. Some of that could provide data valuable outside of the system, like leaking password entry or any stored user or account data.
Other pieces of data may be useful in finding a function or attack vector, or some key values.
The PS4's inability to isolate its javascript engine in its browser partially mirrors the javascript proofs of concept for Spectre, although the jailbreak had much lower-hanging fruit in the form of available system calls that would dump kernel information and a security exploit that could elevate permissions. Part of the hack involved corrupting an system-level interrupt descriptor table that at least at that version was not properly gated from being modified. Maybe it could be better isolated with virtualization, if the hypervisor might have prompted the guest OS to make the structure's write access restricted, or the hypervisor might have caught the attempt. Also, if the KASLR changes being made for Meltdown were in effect, and Sony had bothered to use KASLR, the various leaked kernel addresses would be more randomized or hidden, and possibly some of the call chain would run into problems with kernel pages not being available to the web browser.
However, since AMD doesn't want those KASLR changes, I guess things would stay non-random and more hackable.
I missed the patches indicating Spectre could get to another VM, but it makes sense.
There's also the overall goal of hacking the platform, which may mean piracy or getting to some of the keys that might be useful for creating more potent attacks on the services or malware.
D
Deleted member 11852
Guest
Yup. You're obviously in the industry so you're likely seeing the same non-published material I'm seeing - if anybody can keep it with it all - or you soon will. 5715 presents a challenge.
Yeah, BRiT's point too. I'm still not sure many people, apart from folks like us on boards like this, care that much. Generally you're hacking for one of two reasons: curiosity or piracy. Is the piracy scene really that big on consoles? It doesn't feel it compared to when I recall owning a PlayStation where everybody I knew had a modded unit and a pile of burned pirates games.
Distant periphery perhaps, although I do recall reading advisories for AWS and Azure clients indicating there was no cross-instance leakage, but that was probably after their downtime that probably patched the hosts.
In that regard, the Xbox One's multiple partitions might function in a similar manner, and could allow a hypervisor patch without perturbing the game or application OS.
I'm not sure where that leaves the other consoles, or if fixing just the hypervisor can leave the game OS without the penalties associated with some of the mitigations.
Piracy is usually a question that soon follows, but I don't know the extent. In countries where the hobby is more expensive, it seems to be more prevalent. The PS3's hack showed there's always the chance of a more titanic screw-up that might leave some more powerful and useful credentials available if you dig deep enough.
That also showed that there's a motivation to safeguard a device that media companies fear might bypass their protections, given Sony yanked Linux after the fact.
Maybe it could serve as a PSN hack vector as well.
D
Deleted member 11852
Guest
Publicly, folks are working with the attack the researchers developed but Spectre is a method of attack, similar to virii and malware. Unlike Meltdown, where the OS vendor can change code (with some performance hit), there will inevitably be variations of Spectre that work around whatever mitigations operating systems vendors put in place.
Personally I am not worried about my IT. I'll continue not installing untrusted software on my machines or visiting shady places on the internet.
Well, apart from Beyond3D.
So when piracy was easy, piracy was rife, and when it wasn't easy, it wasn't. So if it becomes easy again, what's gonna happen?
D
Deleted member 11852
Guest
People will likely have to chose between piracy and having an online console.
Tkumpathenurple
Veteran
So a multi-console household will take on a different meaning.
Xbox OS mimics fairly closely Windows 10 S. Locked to run UWP apps in a container signed by Microsoft. UWP apps in particular which can be deployed on any windows 10 device with particular ease, when you open up m/kb to a console to run the very same apps that run on your desktop, laptop, surface, hololens, smart phone, then a console can become a vector for attack onto your other areas of your ecosystem. Obtaining access to someone's microsoft account is painful when we put into consideration how many products that they have that has monthly subscriptions for service (and thus microsoft accounts act as a single sign on).
It's not far fetched, it's reassurance that the platform as a whole is secure. Especially if you intend to make future announcements about the types of software that could be coming to the device in the near future that could involve say the use of mouse and keyboard.
Similar threads
