The Meltdown of Security

Literally, every device you own could be hacked. Literally everything.

Recently a major exploit came into light, the exploits known by the name “Meltdown” and “Spectre”. Literally every microprocessor manufactured by Intel,AMD and ARM seems to be vulnerable to this exploit. A simple java script that is run from a browser could access the part of your processor that processes your passwords and other personal information.

The processor vulnerabilities, Meltdown and Spectre (the latter being a pair of two similar vulnerabilities), essentially target the way processors optimize certain actions, a function known as “speculative execution.” That vulnerability allows them to see the memory (including personal information) inside other programs and services down to the core of the operating system. Your antivirus isn’t gonna fix that. The Meltdown flaw mostly affects Intel-powered machines like your desktop or MacBook, while the Spectre flaw affects processors from AMD and ARM. That means your smartphone is also likely affected by the processor flaw.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). AMD and ARM processors are rather affected by Meltdown in software level and is much harder to exploit than an Intel system.

Which systems are affected by Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

How to protect yourself from Meltdown ?

Windows : Microsoft has already issued a patch to address Meltdown for Windows 10 Operating System. And it is soon expected to release patch for its Windows 8 and Windows 7 Operating Systems. It is advised that every desktop and laptop users to update their systems to latest version.Advanced users can check if they’re affected by running Microsoft’s verification test in your command line.

Mac: Apple has already addressed the flaw affecting its operating system. It is expected to release an update soon to its macOS line of operating system.

iOS: Apple has issued an update addressing that Meltdown does affect its iPhone chips and would fix the exploit in an upcoming update.

Android: Google has released a patch to address the issue in its latest security patch. If software update is available for December security patch, please update your smartphones. If you don’t get an update to latest security patch, it is advisable that the users doesn’t install any 3rd party applications other than applications from Play Store.

Browser: Every browser has addressed the exploit in its recent update. It is advisable to update your browsers to latest version.

UPDATE: Meltdown was addressed by Apple in their macOS 10.13.2 and iOS 11.2 benchmark results show no considerable degradation of performance. Performance of Windows computers are expected to take a hit by upto 30% depends on the processor you use.

(Apple Public Statement link : https://support.apple.com/en-us/HT208394 )

How to Protect Yourself From Spectre

While you can protect yourself from Meltdown, it’s harder to defend against the more invasive Spectre flaw. According to researchers involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *