使用 Spectre/Meltdown 是否可以窃取 WiFi 密码

我建议你先做第一件事：

1. 根据您所拥有的机器升级您的 BIOS，可能至少已经有部分补丁。请检查您的制造商网站。

2. 从下载spectre-meltdown-checker脚本GitHub;直接链接。

   执行该脚本，您可以验证您的系统是否容易受到攻击。

   该脚本检查所有变体，即：

   • CVE-2017-5754
   • CVE-2017-5715
   • CVE-2017-5753

   下载后可以立即执行，如下所示：

   sudo sh spectre-meltdown-checker.sh
   

   您将得到与此或多或少类似的结果：

   图片版本：

   

   文字版：

   Checking for vulnerabilities on current system
   Kernel is Linux 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64
   CPU is Intel(R) Xeon(R) CPU E3-1225 v3 @ 3.20GHz
   
   Hardware check
   * Hardware support (CPU microcode) for mitigation techniques
     * Indirect Branch Restricted Speculation (IBRS)
       * SPEC_CTRL MSR is available:  YES
       * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
     * Indirect Branch Prediction Barrier (IBPB)
       * PRED_CMD MSR is available:  YES
       * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
     * Single Thread Indirect Branch Predictors (STIBP)
       * SPEC_CTRL MSR is available:  YES
       * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
     * Enhanced IBRS (IBRS_ALL)
       * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
       * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
     * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
     * CPU microcode is known to cause stability problems:  NO  (model 60 stepping 3 ucode 0x24 cpuid 0x306c3)
   * CPU vulnerability to the three speculative execution attack variants
     * Vulnerable to Variant 1:  YES
     * Vulnerable to Variant 2:  YES
     * Vulnerable to Variant 3:  YES
   
   CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
   * Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
   * Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 64 bits array_index_mask_nospec())
   * Kernel has the Red Hat/Ubuntu patch:  NO
   * Kernel has mask_nospec64 (arm):  NO
   > STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)
   
   CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
   * Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
   * Mitigation 1
     * Kernel is compiled with IBRS support:  YES
       * IBRS enabled and active:  YES  (for firmware code only)
     * Kernel is compiled with IBPB support:  YES
       * IBPB enabled and active:  YES
   * Mitigation 2
     * Kernel has branch predictor hardening (arm):  NO
     * Kernel compiled with retpoline option:  YES
       * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
   > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
   
   CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
   * Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
   * Kernel supports Page Table Isolation (PTI):  YES
     * PTI enabled and active:  YES
     * Reduced performance impact of PTI:  YES  (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
   * Running as a Xen PV DomU:  NO
   > STATUS:  NOT VULNERABLE  (Mitigation: PTI)
   

3. 更新您的整个系统、浏览器，包括：

   sudo apt-get update
   sudo apt-get dist-upgrade
   

具体来说，Meltdown 会在很大程度上影响基于 Intel 的 CPU，无需更新微代码来缓解它，只要您最近更新了 Ubuntu 16.04，操作系统仍然可以缓解 Meltdown 的影响。

请注意，网络浏览器还需要针对 Spectre 进行修补，因此您还需要最新的网络浏览器。

Spectre 的范围要广泛得多，而且没有任何补丁可以解决它。基本上最新的安全更新是您最好的选择。

要检查您的网络浏览器是否确实容易受到攻击：https://xlab.tencent.com/special/spectre/spectre_check.html

Meltdown 和 Spectre 只能通过执行本机代码来利用，这是网站通常无法做到的（也就是说，如果一切都是最新的，并且在其他漏洞的世界中没有任何东西着火）。使用访客帐户不会改变使用 Meltdown 或 Spectre 的攻击是否成功。