We all have heard about the Meltdown and Spectre – two serious bugs found in the systems of all the chips that would allow hackers to access unwanted information without any warning. Hackers already are trying to use these exploits. In theory, these bugs are hard to exploit. But presently, security researchers succeeded in creating working exploits that use Meltdown and Spectre and able to steal info.
Security experts from Princeton University and NVIDIA have currently authored a new research paper that explains the “MeltdownPrime” and “SpectrePrime”. These exploits use the side-channel timing attacks to leverage the modern processor flaws. The attacks are able to extract data from the processor’s cache memory that might contain confidential info like passwords.
According to the report of the Register, the proof-of-concept exploit “SpectrePrime” has been successfully used on a MacBook with Intel Core i7 processor. However, the MeltdownPrime hasn’t been successful to demonstrate the capability of an actual hardware. Note that Meltdown massively infects Intel chips.
Fortunately, we don’t have to panic just yet. For security reason, the codes used for creating the exploits haven’t been released, ensuring no imminent risk for the time being. However, the security experts developed exploits in the lab, meaning that the real criminals are already on the brink of creating such exploits. The current system patches are able to protect from Meltdown and Spectre like MeltdownPrime, SpectrePrime, and other potential exploits. We’re now waiting for Intel to release an official patch for these bugs.
According to security researchers, processor manufacturers might be facing extreme difficulty in making hardware changes to ensure immunity from these bugs. The flaws are so deeply integrated with the current silicon processors that covering the Meltdown and Spectre along with all the possible flaws might be extremely difficult.
The easiest and the most effective solution now is to change the hardware that can be costly for most. Intel announced that they’ll release Meltdown and Spectre free processors will arrive later this year. AMD also announced that their Meltdown and Spectre free processor (Zen 2 architecture) will arrive market in 2019. Until then, we have to stick with the software patches that has become a real mess all around the world. It’s also a matter to consider whether those will be really free from these bugs.
Intel’s Bug Bounty
In the meantime, Intel has increased the price of ‘bug bounty’ to get more help from the community on different flaws. The scheme is currently offering $250,000 for side-channel bugs/flaws like Meltdown and Spectre. The bounty for other channels has become around $100,000.
This program is available for everyone. That means that now, any security researcher may contribute to processors whereas previously, Intel only allowed invited researchers. This ensures that more people are hunting down the bug(s) and hopefully, find them out faster before the world knows them.