When it comes about electronic devices, security is the top priority here. However, with recent researches ongoing, we’re getting to know only that how vulnerable we are in the cyber world. A pair of a serious exploit, the Meltdown and Spectre in the most modern processors is discovered in the first week of January 2018. These two new vulnerabilities are known as the Meltdown and the Spectre exploit.
The Meltdown exploit was discovered by three teams – a team at Cyberus Technology, Jann Horn at Google Project Zero and a team at the Graz University of Technology. They discovered and reported the flaw independently.
The Spectre exploit was discovered by a team led by Paul Kocher along with representatives from the University of Pennsylvania, University of Adelaide, Data61, University of Maryland and Rambus. The flaw was identified and reported independently.
Why are these threats so dangerous? They allow a hacker to simply use the hardware resource to steal information while leaving no trace in the traditional log file! Even traditional antivirus software is unlikely to detect illegal access to programs using the exploit.
Why these bugs are serious
Unlike other heinous bugs found previously, these two bugs are more serious to date. The truth is, these bugs not only affects desktops & laptops but also virtually all the company’s processors produced since 1995 with a few exception.
Both of these bugs allow unauthorized access to the processing data. Generally, a program isn’t allowed to read other apps’ data and is ensured by the hardware. Unfortunately, these bugs allow such action to perform.
How the Meltdown and Spectre work
Meltdown: This one mainly affects most of the Intel processors. This bug works by breaking the barrier that prevents apps from getting access to arbitrary locations in the kernel memory. The kernel segregates and protects memory for every single process and keeps a barrier so that one can’t interfere with another’s data. However, the meltdown bug now makes this serious procedure unreliable. This flaw mostly makes desktops & laptops vulnerable.
This flaw even allows anyone in the cloud to retrieve the data without any permission and privilege. Virtually, this affects every user of a personal computer. Intel’s “speculative execution” method used in the processors doesn’t fully segregate processes by low-privilege and high-privilege that are meant to be in the computer’s kernel memory.
Spectre: Intel, AMD and ARM processors are affected by this bug. The working method is different than meltdown bug, however. This flaw tricks applications into disclosing the secured data inside their protected memory area. This exploit is harder to pull off. However, this bug affects even mobile devices, thus making it even harder to patch up and fix.
This is a set of attacks that involve unexpected and incorrect execution of the victim program that leaks the victim’s confidential data via a side channel. Unlike Meltdown, this affects virtually every device.
Intel processors are the most vulnerable to these bugs. AMD and ARM processors seem to be largely immune to the Meltdown bug. However, the Spectre affects everyone.
The bug fix
These two monstrous bugs work on the hardware level. When there’s a bug with the software, it’s much easier to find out and fix. Like the major bugs the popular software (OpenSSL – Heartbleed, Linux – Shellshock etc.), these hardware bugs are harder to fix.
In the case of Meltdown, it’s easier to temporarily patch the software system. Linux, Windows, OS X etc. have already released a patch for this one. However, the work on Spectre is still ongoing.
How to stay secure
These bugs are pretty difficult to exploit. Unfortunately, these are hard to fix and hackers will always try to use these exploits to their advantages.
For end users, it’s pretty difficult but several steps will surely slow down any hacker.
- Update all your software to the latest version.
- Whenever available, update your device drivers.
- Update your anti-malware tool and scan your system for any malicious tool. You can check out for the best antimalware tools.
- Apply any system patch if available.
All the tech giants are already working to fix these flaws. AMD believes that they’re on the least. Microsoft relied heavily on Intel processors. They’re going to have a patch very soon. Linux devs already released a fix. Apple’s patch for macOS, iOS, tvOS is on the way. Google has already safeguarded their products and services from the flaw.
In the case of Intel processors, the current fix ensures security in the cost of performance. However, we need to wait quite a long time until every single hardware is patched up. It’s a reminder for the future technologies not to ignore any single bit to test for any security threat. We hope that all the new upcoming processors won’t have these flaws anymore.
Until everything’s alright, just stay tight and alerted!