The Intel Meltdown Hack Explained—through Cheeseburgers

Why is all of your personal data vulnerable? For the lowdown on microprocessors, let's talk about pickles.

By Marty Patail February 27, 2018 Published in the March 2018 issue of Portland Monthly


In January, two studies rocked the computing world. The revelation: All of your personal data is vulnerable. And not because of a password leak or phishing scam. Instead, hackers can exploit computers’ physical central processing units—hacks the researchers ominously dubbed Meltdown and Spectre. The two are closely related, but Meltdown affects primarily chips produced by Intel, whose microprocessors—many designed and made in Hillsboro—power roughly 70 to 80 percent of the world’s computers.

How does the attack work? Let’s order up a fast-food analogy.

Scene: Your Favorite Burger Joint

You’re in line, waiting to order. The customer in front of you orders “the usual.”

The cashier punches up the order; the cooks start making it. The customer remembers she left her wallet at home and dashes out.

Now it’s your turn. You start ordering everything off the menu in every combination. All of the orders get sent to the kitchen, but when you order a cheeseburger with extra pickles, the cashier instantly hands you the previous customer’s order, already made.

Now you know that other patron’s usual: cheeseburger with extra pickles. 

How Meltdown Works*

Intel chips gain efficiency with a process called out-of-order execution. A hacker tries to access a password in the secured area of the computer’s memory and asks the CPU to look up a secured file called “Secrets” and return the first letter inside. The Intel CPU dutifully looks inside the Secrets file before it verifies the user’s permission to do so. (In the example above, the cooks start making the order before money is exchanged—it’s just faster that way.) Permission is denied, the hacker gets an error message, but the CPU has already copied the first letter of the password to a special memory cache where it can be accessed very quickly. (Like the cheeseburger with extra pickles, it’s ready to go!) Now, with a virtual timer in hand, the hacker asks the CPU for the letter A. Then the letter B. The letter C, and so on. If a response comes back faster than the others—by an order of nanoseconds—that’s the first letter of the Secrets file. Rinse and repeat for the second letter....
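The sequence in the paragraph above can be sketched as a toy simulation. This Python model is an added example, not part of the original article and not real CPU behavior: the class and function names, the latencies, and the sample secret are constructed for illustration, and the `check_first` switch is a hypothetical variant showing that timing reveals nothing when permission is verified before the read.

```python
import string

HIT_NS, MISS_NS = 10, 200  # constructed latencies: cached vs. uncached lookup


class ToyCPU:
    """Toy model of the read-before-check ordering described in the article."""

    def __init__(self, secret, check_first=False):
        self.secret = secret            # contents of the protected "Secrets" file
        self.check_first = check_first  # True: verify permission before reading
        self.cache = set()              # letters currently held in the fast cache

    def read_secret(self, index, privileged=False):
        """Request one letter of Secrets; unprivileged callers always get an error."""
        if self.check_first and not privileged:
            raise PermissionError("denied before any read")
        letter = self.secret[index]     # out-of-order: the read happens first
        self.cache.add(letter)          # side effect that outlives the error
        if not privileged:
            raise PermissionError("denied after the read")
        return letter

    def timed_lookup(self, letter):
        """Simulated time in nanoseconds to fetch one letter."""
        return HIT_NS if letter in self.cache else MISS_NS


def recover(cpu, length, alphabet=string.ascii_uppercase):
    """Return what an unprivileged caller learns from lookup timing alone."""
    out = []
    for i in range(length):
        cpu.cache.clear()               # start each round from a cold cache
        try:
            cpu.read_secret(i)
        except PermissionError:
            pass                        # the caller only ever sees the error
        fast = [c for c in alphabet if cpu.timed_lookup(c) < MISS_NS]
        out.append(fast[0] if fast else "?")
    return "".join(out)


if __name__ == "__main__":
    secret = "PICKLES"  # constructed sample secret
    print("read before check:", recover(ToyCPU(secret), len(secret)))
    print("check before read:", recover(ToyCPU(secret, check_first=True), len(secret)))
```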

*For readability, we’ve left out some bits about page management, user spaces, and kernels. Thanks to Portland cybersecurity expert David Buchanan for his technical assistance.
