After the Meltdown and Spectre, a huge security shock hit the world. Almost all the modern processors are vulnerable to these flaws. The Meltdown affects mostly all the Intel processors, whereas the Spectre affects all processors including ARM, AMD, and Intel. Every manufacturer is working on the bug and released several patches to fix the issues. According to Arm Holdings CEO Simon Segars, we might even find out more bugs in the systems that seem to be safe at present.
Using the Meltdown and Spectre flaws, a hacker could theoretically pull out sensitive info out of the system. As we know how these bugs work, we can fix them despite the cost. However, Simon Segars tells us that more flaws are yet to be found out in the systems. In an interview at CES 2018, he said, “The reality is there are probably other things out there like it that have been deemed safe for years. Somebody whose mind is sufficiently warped toward thinking about security threats may find other ways to exploit systems which had otherwise been considered completely safe.”
The cause of Meltdown and Spectre
The reason why Meltdown and Spectre grew up is the speculative execution. It’s a hardware technique that allows a processor to perform significantly faster. If we are to avoid the exploits, we have to get rid of the “speculative execution”. This is way too much to give up. Segars said that the speed boost is too significant to remove it from advanced chipsets.
Simon Segars also puts force on cybersecurity, “cybersecurity is a mess”. Cyberspace needs 100% security as AI and IoT are getting more and more traction in the cyber world. Flaws like Meltdown and Spectre will simply put everything at a great risk in these scenarios.
“It really is mind-bending what people have done to exploit this side effect”, Simon Segars said. “Nobody thought of it before. Like all discoveries, they’re only obvious after the point they’re discovered.” It’s true that companies are adopting speculative execution for years, and none thought about the potential of vulnerability. According to Segars, “But what you’ll see is [that] the end system is a combination of software and hardware. How it’s written and tested — all of that will evolve to make sure the risks of using that approach are well understood.”
ARM hasn’t decided to change their processor’s architecture or software yet for preventing any future security risks. Segars ensured that ARM will continue examining similar potential vulnerabilities while making processor tweaks.
Why didn’t ARM find the flaw itself? Segars answered, “What this demonstrates is that the world of security is a moving target. Just when you think you’ve got things under control, something else comes along.” The same statement is true for all other processor manufacturers.
Check your system with InSpectre
Is your system vulnerable to Meltdown and Spectre? You can now check using InSpectre tool. It’s a very small (<1MB) tool for Windows PCs to check out your system’s status. Get InSpectre.
All we can do now is stay alert for any malware and keeping all our software and OS up-to-date. Until the systems are bug-free for good, we have to wait a long time (maybe years).