What Is SWAPGS And How You Can Protect Yourself From It
After what happened with Spectre and Meltdown, it has been uncovered that processors suffer from an additional vulnerability.
Bitdefender researchers have come across another attack that can affect Intel CPUs and computers that are running on them. The attack is named SWAPGS, after a system instruction that can be manipulated to leak out data that is supposed to only be visible to the operating system.
So, what is SWAPGS and how does it work?
What is SWAPGS?
SWAPGS is yet another computer security vulnerability. It abuses branch prediction in modern microprocessors: processors usually use some type of speculative execution, which lets them make educated guesses about work that will need to be performed in the future.
This is where problems arise, since these speculations produce microarchitectural changes that leave fragments of evidence in the system’s cache. These can afterward be used by attackers to draw out data.
Therefore, due to this vulnerability, hackers are able to extract passwords, tokens, access credentials, encryption keys, addresses, etc.
The vulnerability was assigned the ID CVE-2019-1125.
Somehow, the SWAPGS attack is able to circumvent all the protective measures and mitigations which were implemented to prevent previous attacks, Spectre and Meltdown. It even bypassed KPTI, the Kernel Page Table Isolation mechanism which is meant to completely isolate kernel memory and make attacks like Spectre and Meltdown harder.
You might be wondering: who is affected by this vulnerability? Processors that have the SWAPGS instruction are affected, which means all Intel processors with x86-64 systems. That is basically every processor found in servers and computers made since 2012.
Other CPU architectures (MIPS, ARM, POWER, RISC-V or SPARC) are not expected to be vulnerable, and neither are Apple devices.
Although AMD stated that its products were not vulnerable to the attack, a Red Hat advisory stated that both Intel and AMD processors with x86-64 systems were vulnerable to it.
Enterprise users and home users can both be impacted if they are running on the aforementioned processors.
How to Protect Yourself from SWAPGS
While the researchers that discovered CPU flaws claim traditional AV won’t be able to identify Spectre, Meltdown or SWAPGS attacks, the fact is that attackers first must be able to introduce malicious software on a device in order to exploit the system’s vulnerabilities.
They won’t be able to do so if your system is well protected by an antivirus program since the program might detect malware. Therefore, having antivirus software will help keep cybercriminals and malware far from your computer and other devices.
Read on to find out which AV we recommend amongst our top three and why.
Top 3 Antivirus Programs to Keep Yourself Safe
Avast Internet Security, which is advertised as the ‘smartest online protection for your PC’, is a great solution for internet security for Windows. You can choose between a free version with limited functionality and a premium version which contains more advanced functionalities like anti-ransomware protection and automatic software updates.
AVG is another great antivirus option that can support an unlimited number of devices, whether they’re a Mac, a PC, or Android. The download and installation process is very quick and easy, and the interface is user-friendly and easy to navigate and operate. The software comes in a free version and paid versions which, of course, offer more for the money.
For more information on AVG, check out our detailed review.
Certainly one of the most important names in the AV industry, McAfee was founded more than 30 years ago. With its impressive list of components, such as anti-theft and malicious URL blocking, McAfee is an excellent choice for securing your devices and protecting them from side-channel attacks such as SWAPGS.
For more information on McAfee, check out our detailed review.
Protect Your Devices from Spectre, Meltdown and Other Attacks
There are a few more ways to keep your devices secure. Read on to find out what you can do to improve your home security.
Update the operating system
It’s extremely important to keep your system updated. After the Spectre and Meltdown attacks had happened, many operating system makers offered updates that protected devices against these flaws. Likewise, Windows also secretly patched the SWAPGS vulnerability, so if you’re installing security updates, you will be protected from the SWAPGS vulnerability in Windows.
Regarding protection against speculative execution side-channel attacks (SWAPGS, Spectre, Meltdown), Windows Support states:
‘Customers should install the latest Windows operating system security updates from Microsoft to take advantage of available protections. Antivirus software updates should be installed first. Operating system and firmware updates should follow. We encourage you to keep your devices up-to-date by installing the monthly security updates.’
Finally, below are protections Windows has provided to date, according to Windows Support:
‘Starting in January 2018, Microsoft released updates for Windows operating systems and the Internet Explorer and Edge web browsers to help mitigate these vulnerabilities and help to protect customers. We also released updates to secure our cloud services. We continue working closely with industry partners, including chip makers, hardware OEMs, and app vendors, to protect customers against this class of vulnerability.
We encourage you to always install the monthly updates to keep your devices up-to-date and secure.’
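On Linux systems (such as those covered by the Red Hat advisory mentioned earlier), the kernel itself reports whether the SWAPGS patch is active. The script below is an added example, not part of the original article: it reads the kernel's sysfs status file for Spectre v1, which is where Linux reports the SWAPGS (CVE-2019-1125) mitigation, and classifies the line. The function names and category labels are this example's own.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's reported Spectre v1 / SWAPGS status.
# Linux reports the SWAPGS mitigation as part of the spectre_v1 sysfs entry.
SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_swapgs STATUS_LINE
# Prints one label (labels are this example's own naming):
#   not-affected | mitigated | no-swapgs-barriers |
#   mitigation-without-swapgs | vulnerable | unknown
classify_swapgs() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        *"no swapgs barriers"*)
            # Must be tested before the generic "Vulnerable" pattern below.
            echo no-swapgs-barriers ;;
        Mitigation:*swapgs*)
            echo mitigated ;;
        Mitigation:*)
            # A mitigation line that never mentions swapgs: the kernel
            # has Spectre v1 hardening but does not report the SWAPGS fix.
            echo mitigation-without-swapgs ;;
        Vulnerable*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# check_host: report the status of the machine the script runs on.
check_host() {
    if [ -r "$SYSFS_FILE" ]; then
        status=$(cat "$SYSFS_FILE")
        printf '%s -> %s\n' "$status" "$(classify_swapgs "$status")"
    else
        echo "cannot read $SYSFS_FILE (not Linux, or kernel too old to report)"
    fi
}

check_host
```

Anything other than `mitigated` or `not-affected` means the kernel should be updated; `no-swapgs-barriers` on a patched kernel usually indicates the mitigation was switched off at boot.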
Check for firmware updates
Besides updating the operating system, it’s important to install firmware fixes in order to stay safe from side-channel attacks, which operating system patches can’t combat on their own. Firmware updates were quickly released by Intel after the attacks had happened, though these fixes could cause instability and data loss.
To make sure you don’t lose any of your data, back it up regularly to an external hard drive or to a cloud service.
Concerning the vulnerabilities and firmware updates, Windows Support says the following:
‘You may have to update both your firmware (microcode) and your software to address these vulnerabilities. Please refer to the Microsoft Security Advisories for recommended actions. This includes applicable firmware (microcode) updates from device manufacturers and, in some cases, updates to your antivirus software. We encourage you to keep your devices up-to-date by installing the monthly security updates.’
Update your browser
Updating your browser is another step you can take to improve your home security since your web browser is the easiest way for cybercriminals to attack CPU flaws. Major web browsers issued security updates in order to prevent malicious websites from exploiting CPU flaws. Microsoft Edge, Internet Explorer, Firefox, Chrome, Safari, and WebKit all pushed out updates with security improvements after the Spectre attack.
Update other software
Other software can also be attacked and must be updated regularly as well. Install available software updates for other software, especially if these are tied to hardware in some way. This means updating your printer or SSD.
Conclusion To SWAPGS Attacks
Whether it’s a SWAPGS attack or some new variant of it that’s come about because of another vulnerability that’s been discovered, there will always be potential dangers on the internet trying to steal your data.
That’s why keeping your devices secure by using an antivirus program is crucial, as it will keep malware and hackers off your computer. As mentioned previously, attackers first must be able to introduce malicious software on a device to exploit the vulnerabilities of your system. So, always keep your antivirus on and running in the background.
Moreover, make sure your system is fully patched and your firmware updated, and you won’t have any reason to worry.
Luckily, it seems that normal users needn’t worry about side-channel attacks, as the latter are too slow to use against individual computers. On the other hand, cloud providers, system administrators, and data centers need to be careful.