On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections.
Two days earlier, in their laboratory at Graz’s University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to tease out an idea that had nagged at them for weeks, a loose thread in the safeguards underpinning how processors protect the most sensitive memory of billions of computers. After a Saturday night drinking with friends, they got to work the next day, each independently writing code to test a theoretical attack on the suspected vulnerability, sharing their progress via instant message.
That evening, Gruss notified the other two researchers that he’d succeeded. His code, designed to steal information from the deepest, most protected part of a computer’s operating system, known as the kernel, no longer spat out random characters but what appeared to be real data siphoned from the sensitive bowels of his machine: snippets from his web browsing history, text from private email conversations. More than a sense of accomplishment, he felt shock and dismay.
“It was truly, really scary,” Gruss says. “You don’t expect your private conversations to come out of a program with no permissions at all to access that data.”
From their computers across the city, Lipp and Schwarz soon tested proof-of-concept code they’d written themselves, and could see the same results: Lipp remembers seeing URLs and file names materializing out of the digital noise. “Suddenly I could see strings that shouldn’t belong there,” he says. “I believed, ‘Oh God, this is really working.’”