{"code":"DG7VSX","title":"Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities","speakers":["X9TXT3"],"submission_type":2,"track":2,"tags":[],"state":"confirmed","abstract":"Transient execution CPU vulnerabilities, like Spectre, have been making headlines since 2018. However, their most common critique is that these types of vulnerabilities are not really practical. Even though it is cool to leak `/etc/shadow` with a CPU bug, it has limited real-world impact. In this talk, we take Spectre out for a walk and let it see the clouds, by leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks.","description":"# Additional information after the public disclosure\r\nThis talk was the public disclosure of [\"L1TF Reloaded\"](https://www.vusec.net/projects/rain/), a vulnerability that combines two old hardware vulnerabilities, L1TF and Half-Spectre, to bypass commonly deployed software mitigations. During the talk, we showed a demo of how we were able to leak the private key of an nginx server in a victim VM under noisy conditions at a real public cloud provider, without detailed knowledge of either host or guest, and without interacting with the victim at all. Google Cloud awarded our research a $151,515 bug bounty, their highest bounty yet.\r\n\r\nWe showed that the attack is realistic even in one of today’s biggest commercial clouds. Simultaneously with this talk, [we released an anonymous pre-print with all the technical details](https://download.vusec.net/papers/rain_sp26.pdf).\r\n\r\nOur industry partners, [Google](https://bughunters.google.com/blog/4684191115575296/project-rain-l1tf) and [Amazon](https://aws.amazon.com/blogs/security/ec2-defenses-against-l1tf-reloaded/), released their responses at the same time.\r\n\r\nUnfortunately, the talk has not been recorded to protect the anonymity of the research team during the reviewing embargo phase. 
Fortunately, that embargo has now been lifted. You can read about the attack in more detail at [https://www.vusec.net/projects/rain/](https://www.vusec.net/projects/rain/).\r\n\r\n# Original description\r\nSeven years ago, Spectre and Meltdown were announced. These two vulnerabilities showed that instructions executed by the CPU might accidentally access secret data. This secret data can contain files cached from disk, cryptographic keys, private information, or anything else that might be stored in memory. An attacker can use Spectre to learn the value of that secret data, even though the attacker is not supposed to have access to it. \r\n\r\nEven though this sounds problematic, there is a reason why these types of vulnerabilities haven't had a significant real-world impact. Mitigations make it much harder to pull off, and an attacker needs a form of remote code execution anyway to trigger the relevant CPU instructions. If an attacker can already execute arbitrary code, then Spectre is probably not what you should be worried about. For regular users, these CPU vulnerabilities are likely not that much of a threat.\r\n\r\nHowever, that is not the case for public cloud providers. Their business model is to provide *remote code execution as a service*, and to rent out shared hardware resources as efficiently as possible. Customers run their systems in a seemingly isolated virtual machine on top of shared physical hardware. Because customers can run anything they want on these systems, public cloud providers must treat these workloads as untrusted. They have to assume the worst-case scenario, i.e. that an attacker is deliberately trying to violate the confidentiality, integrity or availability of their systems, and, by extension, their customers' systems. 
For transient execution vulnerabilities like Spectre, that means that they enable all reasonable mitigations, and some more.\r\n\r\nIn this talk, we show that transient execution attacks can be used on real-world systems, despite the deployed software mitigations. We demonstrate this by silently leaking secret data from another virtual machine at a major global cloud provider, defeating virtual machine isolation without leaving a trace. Additionally, we'll discuss our coordinated disclosure process, the currently deployed mitigations and how future mitigations could address the issue.","duration":50,"slot_count":1,"content_locale":"en","do_not_record":true,"image":null,"resources":[],"slots":[13362],"answers":[]}