The computer industry manufacturers are working quickly to solve two principal attack vectors, Meltdown and Spectre. According to experts, almost every computer and smartphone are vulnerable to an attack, which could allow hackers to steal all information stored on chips of these devices. The results could also have major side effects in the cryptospace.
Nothing Like Privacy
Intel Corporation, world’s second-largest chipmaker, announced that a majority of processors that currently operate most of the world’s computer are defenseless to cyber attack. Hence, all chip manufacturers, leaving rivalry aside are working to patch the issue somehow.
Google researchers were the first to alert Intel about the vulnerability with Project Zero having published a detailed documentation of the two flaws.
Ben Treynor, Google engineering Vice President, mentioned in a blog post,
“We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows, and no required restarts.”
Additionally, Google has updated its public cloud service, which could also be open to Meltdown and Spectre.
If Hackers took advantage of this critical flaw, they could easily get their hands on passwords and cached files. Additionally, cybercriminals could use the glitch to weaken security elements of devices. The fault would affect not only personal computers but also data centers and cloud computing services.
A Microsoft spokesperson told CNBC,
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD.”
Meltdown and Spectre
Meltdown and Spectre are two flaws that can aid cybercriminals to exploit computer and steal sensitive data. The primary concern is one of them can even be found on chips manufactured back in 1995.
Meltdown permits hackers to dodge the highly protected hardware blocks between applications that an individual uses and computer’s memory. Whereas, Spectre allows cybercriminals to fool applications to supply sensitive information.
Both are severe issues, but Meltdown may pose the biggest threat. The bug can cause a severe problem in short-term, and a quick solution is required to overcome it. Conversely, Spectre can cause more significant issues in the long run as it is difficult to fix once a hacker exploits the flaw.
According to experts, Meltdown only affects Intel and ARM chips and is possible to fix with software updates. On the other hand, it is not possible to fox Spectre via a software patch. The only apparent solution is to replace the processor.
Red Hat, a Linux distributor, also announced that they would be, “ taking a proactive position that favors security over performance while allowing users the flexibility to assess their own environment and make appropriate tradeoffs through selectively enabling and disabling the various mitigations.”
Is Intel the Only Victim?
The flaws affect all modern processors be it Intel, AMD or ARM. However, Meltdown affects every Intel chips manufactured after 1995. However, experts note Itanium and Atom chips are exceptions.
Amazon officials also weighed in on the subject as much of the company’s data is stored using cloud based servers.
“These are vulnerabilities that have existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.”
Meltdown can read all sensitive data such as banking details, passwords and secret files stored in Kernel – the core system. AMD said its products are almost at “near zero risks.” ARM holding pointed out that in the worst case only some data could be accessible to hackers.
Fortunately, it has been determined that Hardware wallets such as Nano Ledger or Trezor are immune to these developing attack vectors. Little can be said, however, regarding exchanges and sensitive cryptodata recorded on an internet connected device.
As more people are asking: @TREZOR is not vulnerable to recent Meltdown and Spectre hardware attacks, because it has processor not affected by these. Also our firmware is always signed, so the device never runs untrusted code. Using a hw wallet is now more important than ever!
— Pavol Rusnak (@pavolrusnak) January 4, 2018
Ledger products are not vulnerable to the latest Meltdown & Spectre attacks. More technical details available at https://t.co/veWMlgcdnt
— Ledger (@LedgerHQ) January 4, 2018
There is nothing much one can do except to update the operating system. Both these flaws are going to be a big issue especially for chip manufacturers in the coming days. Chip-Level security is considered to be of the highest grade. Additionally, the standard ideology is that chip security is tamper-proof. However, it seems general doctrines may be exaggerated.
On what scale could Meltdown and Spectre affect the digital world we live in? Let us know your comments below.