On melting spectre or how soft hardware can lead to coitus interruptus with your coins.

The above title, frivolous in nature, was inspired by the pretty accurate name proposal (“fuckwit_”) for a patch (https://lwn.net/Articles/740608/) addressing the Meltdown vulnerability. If you have not yet had a chance to learn what Meltdown and Spectre are, read more here:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.no/2018/01/reading-privileged-memory-with-side.html
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
…and probably many more.

While it is probably a well-established fact that the x86 architecture is broken by design, one of the broken parts is the cache configuration and the way permission checks are omitted in the process. Performance was the most probable factor behind such a sick choice, but it also seems pretty deliberate, especially in light of the recent chain of disclosures. But this is just an observation of actions that usually happen behind the scenes.
More important is to answer the question of whether the vulnerabilities already discovered affect cryptocurrencies.

Do they?

Sure. They actually affect everything done with most electronic equipment based on or related to x86, because it is all built according to the same scheme. So yes, they can affect the security of coins. But, on the bright side, there are mitigation techniques available.
But first, how do they affect that security? In short, transaction signing operations must keep the private key in memory for some short time. This can be a really short time, but it is still long enough for the key to be intercepted. Moreover, client apps used to handle cryptocurrencies are often written without paying attention to such “unimportant” things as memory allocation, thread safety and the like. Some don’t even use basic mechanisms like ASLR (which anyway helps little in the scenarios disclosed above). Plus, as you have already learned, hardware isn’t what it seems to be. And this applies not only to processors, but to all accompanying devices. Thus you cannot be sure when it comes to network devices, phones and the rest of the stuff.

What to do then?

Make things complex for a potential attacker, as long as you have some coins and would love to keep them. First and foremost: do not trust. One of the major ideas behind cryptocurrencies is the lack of trust. One possible reason you came into contact with cryptocurrencies is that you realized the welfare of financial institutions and your own are not moving in parallel, and so it is better to find something that depends as little as possible on the actors involved. But most probably you are here just for business. Regardless of motivation: just do not trust. And multiply obstacles.
Some suggested steps to take:
- always update your operating systems. This filters out at least the vast majority of script kiddies around;
- have multiple wallets. You don’t walk through dangerous areas with all your money in your pockets, do you? So, just keep your coins in different places;
- have cold and hot wallets. Hot ones for everyday use and cold ones to supply the hot ones. Use cold ones as seldom as possible (meaning: set one up once, send coins to it and only touch it again when a hot wallet needs refilling);
- use hardware wallets. These devices detach the encryption phase from the network connection, thus limiting attack exposure (plus, they have their own entropy source). Mind, these devices have flaws as well. Read about them before deciding which one to use. Or better, use several from different manufacturers;
- as above, use different manufacturers for the devices you use for coins, just to make the whole affair messier for a potential intruder (to get past two devices of the same type and manufacturer you need only one exploit; this applies in particular to network devices);
- once more: do not trust that someone else takes care of your security. Trusting hardware manufacturers or software providers is as silly as believing that the fiat money numbers on your accounts won’t change to zeroes when some bailout is needed.

All in all, virginity is lost. Most people won’t notice, as ignorance is strength. But some will. Be in that group; this way you’ll have fewer unpleasant surprises. I hope I’m wrong, but there is more to come.
But what has come so far is enough to make you cautious, because it won’t fade fast. While the ME (AMT) affair has largely disappeared from the news (sadly), exploits targeting Spectre will be around for a while, as this mechanism is pretty hard to limit without hardware modifications (it can be, by limiting timer precision at the user-app level, but not in the kernel).