Meltdown, Spectre chip flaws raise questions about hardware security
by Alyssa Newcomb nbcnews.com
Flaws in computer chips are unusual, which is what makes Meltdown and Spectre, the stunning set of security vulnerabilities released on Wednesday, such a massive problem for users around the world.
Virtually every modern computing device is affected by the flaws, leaving technology companies scrambling to release patches to mitigate the threat, which could otherwise leave sensitive information exposed to hackers.
"It's a very big deal and the only thing people can do is wait for patches on systems and apply them," said Shuman Ghosemajumder, chief technology officer at Shape Security.
The security flaws are located in each computer's brain, known as the central processing unit or CPU. Processors are able to predict what tasks they will need to execute. This is known as "speculative execution" and allows the processor to simultaneously access multiple places of memory.
While this data is supposed to be protected, researchers found some instances when the processor would leave the data exposed during the process.
"The attacks that have been identified are really taking advantage of how CPUs have been designed for quite some time," said Ghosemajumder.
Meltdown and Spectre were discovered by researchers from Google Project Zero and academic institutions around the world.
Meltdown has currently only been identified on Intel processors. Researchers said it is unclear if processors made by ARM and AMD are also affected.
Spectre is even more pervasive, affecting everything from desktop, laptops, smartphones, and cloud servers. It's been identified on processors made by Intel, AMD and ARM, according to researchers.
The U.S. Computer Emergency Readiness Team said the flaws "could allow an attacker to obtain access to sensitive information" and that a patch would only mitigate the threat.
Many companies have already been rolling out software updates. The most important action users can take right now is to make sure they are current on any software updates, said Ghosemajumder.
Intel said in a statement it has already issued updates "for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years."
"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services," the chip maker said in a statement on Thursday.
The news prompted Intel's shares to slide more than 2 percent during trading on Thursday.
Perhaps the silver lining to all of this: US-CERT said it is not aware of any active exploitations at this time. Researchers also said they can't confirm if Spectre or Meltdown have been executed "in the wild."
But the attacks do live up to their ominous names, because even if you were compromised, researchers said you likely wouldn't even know it
Good Netiquette And A Green Internet To All! =====================================================================
Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
email@example.com or 609 818 1802.
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
Anyone who would like to review the book and have it posted on my blog or website, please contact me firstname.lastname@example.org.