Meltdown and Spectre – Security exploits that gained every company’s attention

On Wednesday, researchers revealed serious flaws in modern processors. It can affect practically every Intel computer released in the last two decades. It may also affect the AMD and Arm chips in your laptops, tablets and phones, too. The flaws, known by the names Meltdown and Spectre, aren’t unique to one particular chipmaker or device. Instead, they impact everything from phones to PCs and servers.

Steve Smith, head of Intel’s data center engineering operations, said during a conference call on Wednesday –

It’s not really one vendor’s problem. Also it’s not an issue with our product. It’s not an issue with someone else’s product. It’s a general design issue that impacts most modern chips.

Intel said in a statement –

Recent reports saying that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices, with many different vendors’ processors and operating systems, are susceptible to these exploits.

Meltdown and Spectre aren’t really “bugs”. Instead, they represent methods discovered by Google’s Project Zero cybersecurity lab to take advantage of the normal ways that Intel, ARM, and AMD processors work.

In this case, the design feature in question is something called speculative execution, which is a processing technique most Intel chips have used since 1995, and one that’s common in ARM and AMD processors, too. With speculative execution, processors essentially guess what you’re going to do next. If they guess right, then they’re already ahead of the curve, and you have a snappier computing experience. If they guess wrong, they dump the data and start over.

What Project Zero found were two key ways to trick even secure, well-designed apps into leaking data from those returned processes. The exploits take advantage of a flaw in how the data is dumped that could allow them, with the right malware, to read data that should be secret.

This vulnerability is potentially particularly dangerous in cloud computing systems, where users essentially rent time from massive supercomputing clusters. The servers in those clusters may be shared among multiple users. Hence customers running unpatched and unprepared systems could fall prey to data thieves sharing their processors.

How to fix it?

Read this article to know about how to save yourself from Meltdown and spectre.

This Post Has One Comment

  1. Pingback: How to secure devices from Meltdown and Spectre security exploits

Leave a Reply

Your email address will not be published. Required fields are marked *