Spectre / Meltdownを使用してWiFiパスワードを盗むことはできますか？

私はあなたが最初にすることを提案します：

1. お使いのコンピュータに応じてBIOSをアップグレードすると、すでに少なくとも部分的なパッチがある可能性があります。製造元のウェブサイトを確認してください。

2. 以下からspectre-meltdown-checkerスクリプトをダウンロードGitHub;直接リンク。

   このスクリプトを実行すると、システムが脆弱であることを確認できます。

   スクリプトは、次のすべてのバリアントを確認します。

   • CVE-2017-5754
   • CVE-2017-5715
   • CVE-2017-5753

   以下のようにダウンロードしてすぐに実行できます。

   sudo sh spectre-meltdown-checker.sh
   

   次のようなやや類似の結果が得られます。

   イメージバージョン：

   

   テキストバージョン：

   Checking for vulnerabilities on current system
   Kernel is Linux 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64
   CPU is Intel(R) Xeon(R) CPU E3-1225 v3 @ 3.20GHz
   
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques
     * Indirect Branch Restricted Speculation (IBRS)
       * SPEC_CTRL MSR is available:  YES
       * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
     * Indirect Branch Prediction Barrier (IBPB)
       * PRED_CMD MSR is available:  YES
       * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
     * Single Thread Indirect Branch Predictors (STIBP)
       * SPEC_CTRL MSR is available:  YES
       * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
     * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
     * CPU microcode is known to cause stability problems:  NO  (model 60 stepping 3 ucode 0x24 cpuid 0x306c3)
   * CPU vulnerability to the three speculative execution attack variants
     * Vulnerable to Variant 1:  YES
     * Vulnerable to Variant 2:  YES
     * Vulnerable to Variant 3:  YES
   
   CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
   * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
   * Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch:  NO
   * Kernel has mask_nospec64 (arm):  NO
   > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
   
   CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
   * Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
   * Mitigation 1
     * Kernel is compiled with IBRS support:  YES
       * IBRS enabled and active:  YES  (for firmware code only)
     * Kernel is compiled with IBPB support:  YES
       * IBPB enabled and active:  YES
   * Mitigation 2
     * Kernel has branch predictor hardening (arm):  NO
     * Kernel compiled with retpoline option:  YES
       * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
   > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
   
   CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
   * Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
   * Kernel supports Page Table Isolation (PTI):  YES
     * PTI enabled and active:  YES
     * Reduced performance impact of PTI:  YES  (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
   * Running as a Xen PV DomU:  NO
   > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
   

3. 以下を含むシステム全体とブラウザを更新してください。

   sudo apt-get update
   sudo apt-get dist-upgrade