Spade Technology: Blog

What You Need to Know About “Meltdown” and “Spectre.”

Two critical vulnerabilities were found in Intel chips that could result in a malicious attacker stealing your data, such as photos, emails, documents, browsers, and password managers.

How can this affect you? The vulnerabilities called “Meltdown” and “Spectre,” can affect nearly every system built since 1995.

This includes computers and phones.

Meltdown Intel Processors

A proof-of-concept code was tweeted out on Wednesday (January 5, 2018) prompting the reveal. Windows, Linux, and Mac systems containing the Intel chip from the past decade are all vulnerable. Amazon Web Services and Google Cloud were also affected. Both have patched their servers and secured the threat.

Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory. Spectre steals data from the memory of other applications running on a machine. Meltdown is said to be limited to Intel, but Spectre has been exploited on ARM and AMD as well.

When modern Intel processors execute code, the code reaches a pre-programmed point in the algorithm. Instructions branch out into two different directions, saving time by “speculatively” venturing down these forks. In other words, they take a guess and execute instructions in order to get a head start. If the processor learns that it went down the wrong path, it jumps back to the fork in the road and throws out the speculative work.

A hacker could trick a processor into letting their unprivileged code sneak into the kernel’s memory by using speculative execution. When the processor throws out the temporary data, it jumps back to the fork. This makes data retrieval difficult, but it temporarily stores this information in the computer’s cache. With some clever coding and patience, a hacker could easily find and steal the data in the cache, giving him access to personal information, passwords and more.

For a hacker to gain access to these kernels and steal your sensitive information he must first hack into your system. Then, he’ll install malicious software on your computer to take advantage of the vulnerability.

Intel, AMD, and ARM are hard at work coming up with a fix for this serious vulnerability. But it’s not just PC’s or Mac’s that are being affected. Amazon and Google servers also use these chips, which not only could allow hackers to see your data on the server, but to potentially jump servers to see other people’s data as well.

Microsoft, Linux, and Apple are also getting involved to repair the flaws. One potential downside to fixing this problem is the possible slowdown of your CPU or phone. Isolating the kernel memory from unprivileged memory could cause a significant slowdown in some processes.

While it’s still too early to know exactly how significant the slowdown will be, some researchers are saying it could be as high as 30%. Once the patches to fix the issue are rolled out everywhere, we should get a better picture of how this will affect performance. But still, it’s better to have some slowdown than to have a hacker taking information from your PC.

To prevent hackers from taking advantage of your system with Meltdown or Spectre threats, make sure to keep all the software on your computer updated, including web browsers. Keep Flash updated as well. Run security software to guarantee you don’t have any unwanted or malicious software on your system. Finally, be on the lookout for phishing emails. A hacker could use this to trick you into letting their malicious code onto your system.