Cyber security researchers have discovered two potentially serious exploits of modern processor vulnerabilities: The Meltdown exploit and the Spectre exploit. These exploits were designed to leave no traces in traditional log files and could capture encryption keys, passwords, and other forms of sensitive information on devices.
Another worrying thing is that traditional antivirus software cannot detect or block these exploits. It is almost impossible to distinguish them from regular applications. Spectre is a name based on its root cause, i.e. the speculative execution. Meltdown received its name due to the malware melting away security boundaries that hardware usually enforces.
How can the Flaws in PCs be Exploited?
A reason why both exploits are insidious is their ability to exploit the out-of-order execution that is usually implemented by Intel processors. This means that there is a risk for virtually all of the corporation’s processors manufactured since 1995. Spectre and Meltdown work by using side channels to obtain information. They can break mechanisms that should keep applications from providing access to arbitrary system memory and locations. Today, smartphones, cloud servers, laptops, desktops, and in fact almost every system is affected by Spectre. Some of the affected processor brands include ARM, AMD, and Intel.
However, the actual danger that both exploits present to processors and vendors is a matter of debate. Not all of them have been exploited as yet. All related companies are scrambling and working toward a solution.
Understanding the Risks of a Multi-Level Security Fail
Computers usually run software from multiple vendors and this allows new holes to be opened rather frequently. Hidden flaws found by researchers could even date back years or more. Since old parts of the code worked, nobody bothered to go back to check it. Some felt that there wasn’t any need to fix it as nothing was broken.
Processors are such huge engineering feats and their chips are spectacularly complex. However, extensive testing can still discover that some combination of instructions produce defective results. It is awkward when hardware related to enforcing rules on multilevel security produces such results. A chipmaker needs to set up defense mechanisms all the paths in, especially when protecting a shared resource.
Can You Plug the Security Holes?
Yes, software updates can patch and address most vulnerabilities. However, the issue is far more complex when it is the chipsets that are affected. To date, Amazon has announced it would continue working to ensure that its products are secure. Google, on the other hand, has reported that it has secured its products.
However, what’s most worrisome is that some of today’s exploits allow hackers to take advantage of them before you can even take corrective measures. While chipmakers continue to roll out software updates, you as a user should also protect yourself by running security software, watch out for phishing scams, and keeping all networks and devices in check with the help of managed IT professionals. It is always good to exercise good old fashioned due diligence!