-1

With Spectre and Meltdown, hackers can extract your password from the CPU cache. If I give someone my computer without the hard drive, can he extract my passwords through the CPU?

schroeder
justlinx69
  • I assume that you mean the password for an encrypted volume. I don't think this is possible. Definitely not possible if you've switched your system off to remove the hard drive. Very unlikely even if you've ripped the drive from the system while it is still running. – Steffen Ullrich Jul 16 '18 at 09:28
  • Passwords from the browser. Here is the explanation I saw: https://www.youtube.com/watch?v=NArwG6yaWJ8 – justlinx69 Jul 16 '18 at 09:36

2 Answers

1

Since the content of the cache is gone once the system is switched off, this kind of attack is only possible if you remove the disk while the system is kept running. In this case the attack should still be possible if it was possible with the disk still connected (i.e. probably not possible with up-to-date systems).

Steffen Ullrich
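Added example, not part of either answer: on Linux, one way to check the "up-to-date systems" condition from the answer above is to read the status the kernel itself reports for Meltdown and the Spectre variants under sysfs. The function names and the optional directory argument are this example's own choices; the directory only exists on kernels that carry the Spectre/Meltdown fixes.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported Spectre/Meltdown status.
# Linux exposes one text file per issue in this sysfs directory.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_dir DIR -> prints "<issue> <class> <raw kernel text>" per issue.
# Returns 0 if every issue is mitigated or not affected,
#         1 if any issue is vulnerable or cannot be determined,
#         2 if DIR does not exist (old kernel or not Linux).
report_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir; kernel predates the fixes?" >&2
        return 2
    fi
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            raw=$(head -n 1 "$dir/$issue")
        else
            raw="(file missing)"
        fi
        class=$(classify_status "$raw")
        printf '%-12s %-13s %s\n' "$issue" "$class" "$raw"
        case "$class" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run only when a directory is passed on the command line, e.g.:
#   sh check.sh /sys/devices/system/cpu/vulnerabilities
if [ "$#" -gt 0 ]; then
    report_dir "$1"
fi
```

A "mitigated" result reflects what the kernel reports about itself; it does not cover microcode or firmware that the kernel cannot see.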
0

The way that the Spectre / Meltdown exploits work is by exploiting a technique used in chips known as 'speculative execution', which is one of three main techniques that vendors use to increase CPU performance. (The other two being multiple branch prediction and dataflow analysis.) The three together are known as out-of-order execution.

Because modern CPUs are pipelined, they are capable of executing multiple instructions in parallel, which can be seen here: https://upload.wikimedia.org/wikipedia/commons/c/cb/Pipeline%2C_4_stage.svg

So the reason that the Spectre / Meltdown exploits are capable of running is that the speculative execution is able to access privileged memory that a user-space application can't access. There are no checks for the cache that is being accessed under speculative execution for privileges; it starts to run without the privilege check, and when it's time to commit that data or continue with the speculative execution, the check is then done. But that allows for a small window of opportunity to run instructions for the branch prediction so that you can read memory that you shouldn't be able to.

Spectre and Meltdown are used more for privilege escalation once someone has physical access to your machine. So to answer your question, yes and no. Someone cannot extract your passwords from an old computer. The passwords are kept in cache during the running of the system, and are 'flushed' at regular intervals. The way that these exploits work is by accessing data stored in memory that they shouldn't be able to access. However, they may still be able to extract credentials that have been stored in web browsers.

I simplified the exploit as much as possible to make it easier to understand, but if you want more information on how these attacks work then I'll leave the links for the whitepapers below. They are a fascinating read if you have the time.

sources:

https://spectreattack.com/spectre.pdf

https://meltdownattack.com/meltdown.pdf

Connor J