A new player (or players) on the security flaw front has just been discovered by a band of researchers, and the flaws which are known to exist in the processor chips that power mobile devices and PCs (including those made by Intel, AMD, and ARM), could be exploited and used to steal very sensitive data including passwords, cryptographic keys, emails, and other files saved on your PC, Phone, and sadly, your company’s Server.
What are Meltdown and Spectre?
The flaws issue from a nifty feature implemented in modern processors called “Speculative execution”. In order to make computer processes run faster, a processor chip will guess what information the computer needs to perform its next function. That’s called speculative execution. The problem is, a hacker can gain in on this process to steal vital data from the CPU.
Spectre, on the other hand, will trick the processor into starting the speculative execution process. Then the hacker can then read the secret data the chip makes available as it tries to guess what function the computer will carry out next. According to research, the flaw is not easy to fix, and will be around for some time. It may require a complete hardware redesign (for future processors) before it’ll be completely fixed.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. So, Meltdown literally melts down security boundaries enforced by the hardware, allowing programs access into the system kernel memory which is usually hidden from such applications, and which also holds very sensitive cryptographic data.
Who is affected?
E V E R Y O N E
According to www.meltdownattack.com, Meltdown and Spectre work on personal computers (Windows, Linux, Android, macOS, iOS, Chromebooks), mobile devices, and in the cloud. In fact, every Intel processor made since 1995 (except Intel Itanium and Intel Atom before 2013) is affected. It is unclear whether AMD processors are also affected by Meltdown. ARM processors are also affected.
What to do
Most device manufacturers have issued security patches to fix or curb the flaws. Microsoft, Google, and Apple have patched their devices, and Intel has also issued updates for devices that are Intel-powered.
So, ensure you download and install all updates that show up on your device if you want to be safe. Also, make sure you have an active security/antimalware software on your device as this will help stop a hacker from gaining access to your PC in order to execute Meltdown or Spectre. Do not click links you are unsure of, and download files only from certified sites.
Since the issues exist in the CPU of a device, attempting to fix it may a negative impact on device performance. The decreased performance levels are more obvious on web servers and other heavy-duty devices, regular PC users are less affected.