Meltdown & Spectre Security Vulnerabilities

Hello Readers!

Here we are in 2018, as we are just about to enter 2018, our newsfeed is filled with this alarming issue. By now, you have probably heard about securities issues called Meltdown & Spectre,  that have wreaked digital havoc and mass of confusion in their wake. Earlier this week, security researchers release official documentation – complete nicknames and logos-of two major flaws found in nearly in all modern central processing units, or CPUs.

The flaw name Meltdown & Spectre were discovered by Security Researchers at Project Google’s Project Zero in conjunction with academic and industry researchers from several countries.

Meltdown and Spectre are the name of two (2) serious security flaws that have been found in within computer processors. This Meltdown & Spectre allows cybercriminals to steal sensitive information from almost any computer, mobile device or even from the cloud. Not just that, this affects all current Intel, ARM and AMD processors, regardless of the devices.

Sounds Scary right?

The great news is patched have been created, to protect many affected systems and products and efforts are underway to update others.  While the bad news is these fixes might slow down computer performance.

In order to understand where did, these threats come from, you first will need to understand the behind the scene process called speculative execution.

These speculative execution lets devise do some work ahead of time to speed up the routine task. But, it also creates a security vulnerability nobody expected.

Let’s imagine that your computer as a restaurant and you are the Cook. Every day you will see a pattern of your customers ordering the same menu for breakfast. Eventually, you will make order ahead of time to ensure the breakfast is ready when a customer comes starts to come. But how about if that regular customer decided to order different menu one day? Now, you as the cook will have to throw away the prepared breakfast and start over.Speculative execution works in a similar way.

Whenever computers perform calculations that aren’t actually needed, the results are thrown away.  This data ends up in an unsecured part of the computer’s cache memory, where unauthorized users can access it through a side channel.

What are Meltdown and Spectre?

Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected. Meanwhile, Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.

Why Data Left Unsecured?

Previously, back in 60’s computers were very self-contained and there is no way to see data being thrown away. Nobody thought it was a risk, and it was never secured. But, nowadays, computers and mobile devices share system resources with many applications and environments. Sharing is good, but when unprotected data from speculative execution ends in shared memory, it can become a serious issue.

Like robbers trying to rob your house, these cybercriminals will try hard to look for a loophole and use a side channel to sneak in and hijack data.

Even, worse, they can trick computers into loading any data like passwords and account information into the shared memory so they can steal it.

 

So what’s being done about Meltdown and Spectre?

When researchers identified them, they brought them to the attention of major technology companies. Hundreds of engineers came together to create patches that block Meltdown and Spectre attacks. It’s critical to install these patches right away and stay up to date with the latest releases of operating systems.

“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement, denying that fixes would slow down computers based on the company’s chips. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”