January 7, 2018 – If you have a feeling that someone is looking over your shoulder these days when you are using your computer, you may be justified to a degree. It appears that the core of computer chips, once seen as invulnerable, are not and that more than one manufacturer is to blame. I’ve always recommended Intel processors when advising friends on buying a new computer. But now it appears it doesn’t matter who supplies the chips at the core of your new machine. All are suspect.
Previously unknown flaws have made almost every current device insecure. Whether it’s a smartphone in your pocket, a laptop, tablet or desktop system, hackers can exploit these flaws to extract personal information you thought was protected by your normal security protocols.
It was the Google Project Zero engineering team that first identified the flaws giving them the names Spectre and Meltdown.
Common to Intel, AMD, and ARM processor architecture, the engineers traced the vulnerability back nearly two decades. These processors are the artificial brains found in billions of devices including the computers that store information in the Cloud, and sensors deployed in vehicles, machinery, and other equipment.
Processors are designed to predict and execute tasks. They store instructions that include user IDs, passwords, and vital data associated with credit, and banking. But so far Intel and Google have indicated they have yet to see an exploitation of the flaws. And the Computer Emergency Readiness Team in the United States concurs. Carnegie Mellon University’s Software Engineering Institute has provided a complete description of Spectre and Meltdown. In both flaws, kernel memory is exposed.
The following table compares Spectre and Meltdown.
 |
Spectre | Meltdown |
| CPU mechanism for triggering | Speculative execution from branch prediction | Out-of-order execution |
| Affected platforms | CPUs that perform speculative execution from branch prediction | CPUs that allow memory reads in out-of-order instructions |
| Difficulty of successful attack | High – Requires tailoring to the software environment of the victim process | Low – Kernel memory access exploit code is mostly universal |
| Impact | Cross- and intra-process (including kernel) memory disclosure | Kernel memory disclosure to userspace |
| Software mitigations | Indirect Branch Restricted Speculation (IBRS) Note:Â This software mitigation also requires CPU microcode updates and it only mitigates Spectre variant 2 |
Kernel page-table isolation (KPT) |
The solutions proposed include updates to the microcode within the processors and updates to applications that have been deemed vulnerable.
Technology providers affected besides Intel, AMD and Arm include:
- Amazon,
- Android’s Open Source Project,
- Apple,
- CentOS,
- Cisco,
- Citrix,
- Debian GNU/Linux,
- Fedora Project,
- Fortinet,
- FreeBSD Project,
- Google,
- and IBM.
Related articles across the web
Related Posts
Once Again Global Action To Mitigate Climate Change Is At Risk
Ask Voters What’s Most Important To Them And Climate Change Seldom Gets Mentioned
Combination of More Rain and Hotter Temperatures is Making Crops Like Corn Sweat
A Climate Change Prehistory Event That Could Repeat Itself
A National Day of Truth and Reconciliation Brings Back Memories
The United Kingdom’s Government Research Arm Is Developing An Early Warning Climate Tipping Point System
Updated: Imagine an EV Battery With a Range of 3,000 Kilometres Between Charges
Who Knew That AI Would Feed Astrology’s Resurgence in 2024?
