Understanding the Meltdown and Spectre Scare

Brent Whitfield
CEO   DCG Technical Solutions Inc.

The latest cybersecurity scare involves a set of three exploits, two named Spectre (variants one and two) and one named Meltdown (or variant three). It is important to understand that these are not actual attacks. Rather, they are vulnerabilities that could potentially give hackers a way to breach cybersecurity and access sensitive information. The biggest concern about Spectre and Meltdown is that they are functionally part of the central processing units (CPUs) of practically all computer devices.

The vulnerability comes from an optimization process known as speculative execution (hence the name Spectre). Speculative execution is when the microprocessors carry out a function before it is known whether you need that function. If you need the function, the process occurs in full. If it isn’t, the chip reverts the changes. This process is almost instantaneous and invisible to the user but enables modern processors to run faster. However, you can read the rolled-back information in the operating system’s kernel memory.

What is the deal with Meltdown and Spectre?

This vulnerability means that a malicious program could potentially read protected kernel memory space. This could cause a ‘meltdown’ of the program/memory barrier. Alternatively, it could force another program to release information (the two spectre exploits). With Meltdown, the danger is that passwords, credit card details, photos, emails, instant messages, documents, and other sensitive information will be seen directly from the CPU of a device. With Spectre, one can steal information from other programs running at the same time as the malicious one.

IBM chips seem to be more vulnerable than other chips to Meltdown. But Spectre can affect IBM, AMD and ARM chips. In practical terms, this covers almost any computer device running any operating system on the market (desktops, laptops, smartphones, tablets, etc.) Worryingly, VMs used in cloud computing are also affected since the hypervisor in charge of the VMs or guest kernels from other users could both potentially leak information.

Good news and bad news:

The good news is that there is no evidence that these vulnerabilities have ever been subject to exploitation. Also, the chance of a successful attack is very low. Theoretically, anti-virus software should also detect any malicious programs seeking to exploit the holes. The bad news is that if a piece of malware does manage to breach your defenses it will be very difficult to detect the event. This is because there would be no trace in the system logs.

You cannot fix these flaws as they are part of the computer chips themselves. You can mitigate them, however, against using micro-code updates from the chip manufacturers together with software patches.  Microsoft, Apple, and Linux have already released these patches, while the latest version of Android also includes the protection.

So what is the best way to protect yourself from danger?

The key advice is to ensure that you have downloaded and applied the latest operating system updates. This is to avoid downloading programs from unknown sources. In this case, it is also advisable to update your browser to the latest version. In addition, make sure that auto-updates are on.

Image courtesy: TechCrunch

Tags: , , , , , , , , ,