Meltdown and Spectre Vulnerabilities
2018 did not start well for the major tech companies, with the shocking revelation that there is a major security flaw in the world’s most widely-used chipsets. Below, we’ll look into the vulnerabilities that have emerged, as well as examining the potential long-term repercussions.
News broke that there are serious security flaws in chips produced by almost all the major tech companies. The companies impacted include heavyweights such as Intel, Arm, and AMD. These security flaws are serious, and pose a real threat to millions — if not billions — of tech users around the world.
Who is affected?
Any device that relies on processor chip from these major companies; which is to say, most of them. Every device — phone, tablet, computer — has the potential to be impacted. Age is no barrier either; the vulnerabilities date back to chips produced 20 years ago. The device you are reading from right now has almost certainly been impacted by the security flaw.
What are Meltdown and Spectre?
The two vulnerabilities have been given individual identities, so they can be distinguished from one another.
Meltdown (CVE-2017-5754) is a vulnerability that has proven very easy to exploit. Meltdown primarily affects Intel chips, which are the most widely used in the world. Meltdown uses a technique called “speculative execution”, which means it is able to infer values in protected memories.
Meltdown earns its name from the fact it can be used to “melt down” barriers to secure data. If an attack occurs, the Meltdown vulnerability can be used to access user data– even secure user data, such as passwords, logins, and other sensitive information. All programs in the operating system are vulnerable.
Spectre (CVE-2017-5715 and CVE-2017-5753) is not receiving as much attention as Meltdown, but it’s just as dangerous. Spectre breaks the security wall between applications, which means that an attack can trick an application into sharing its data. An attack using Spectre is far harder for an attacker to pull off than Meltdown, but it is theoretically possible. Spectre affects Intel, ARM, Apple, and AMD processors.
What can Meltdown and Spectre be used for?
These vulnerabilities mean that an attacker can bypass any security measures on a device– effectively, the device is wide open for hacking. Not only can this be accomplished, but it is also possible to do it without leaving any sign of the attacker’s presence.
What is being done?
Many companies — such as Microsoft, Apple, and IBM — are releasing software patches to protect against attacks using Meltdown and Spectre. Time will tell if these are effective; as yet, no major hacks have exploited these flaws, but all device owners should follow manufacturer advice to ensure they are protected at all times.