In the most horrified state of affairs is security after all computer devices worldwide have been exposed to security flaws leaving them vulnerable to attacks by the hacker community. Researchers have discovered a security gap in the processing units usually called the CPU chips which could lead to a compromise in the security of privately stored data.
Most of the Intel processors and some ARM CPUs are perceived to be at the risk of being vulnerable, which means billions of devices are at risk. Critical security flaws have been discovered in Intel chips crafted since 1995.
The vulnerabilities let attackers steal data from memory of the running applications like password managers, browsers, emails, photos, and documents. The discovery was made by two researchers who have chosen to dub the vulnerabilities as “Meltdown” and “Spectre”, and said computers, as well as mobile phones, are affected by the bug since two decades.
Daniel Gruss, a security researcher who found the Meltdown bug revealed that it was not just limited to reading the kernel memory but the entire memory of the system at risk.
What Are Meltdown & Spectre?
These are two separate security loopholes. Meltdown affects desktop computers, laptops, and Internet servers that work on Intel (and ARM) chips. Spectre has a wider reach affecting chips in smartphones, tablets and computers that incorporate Intel, ARM, and AMD. According to a senior analyst at tech consultancy IDC, Bryan Ma, devices that are connected to the cloud and data centres are also at risk.
The bugs are known to break down the crucial isolation between the kernel memory which forms the core of the operating system, and the user processes. While Meltdown lets an attacker access whatever lies in the device’s memory by melting down the security walls held together by hardware, Spectre tricks applications into leaking their data.
The Way out
The UK’s National Cyber Security Center has said that it has seen no evidence of any malicious exploitation of the vulnerabilities yet. Device makers and operating systems are pushing out updates and patches that will protect devices from the breach that relies on Meltdown. Microsoft, Apple, Linux are all issuing patches.
Apple has revealed that all Macs, iPhones, and iPads are affected by the Meltdown vulnerability, but Macs that run on the latest version of iOS 10.13.2 are safe. The latest iOS version 11.2 that runs on iPhones and iPads is also safe from a “Meltdown”. Apple plans to mitigate against Spectre by releasing an update “in the coming days”.
Microsoft Dynamics AX had released an emergency patch for the Windows 10 operating system on Jan 4 via the Windows Update, and the same will be subsequently applied for the Windows 8 and Windows 8 operating systems.
Google has confirmed the safety of Android devices that are updated with the most recent security updates. It has also stated that users of web services like Gmail are also in the safety net. Chromebook users on older versions have been directed to install an update when it comes, and Chrome web browser users will receive a patch expectedly on Jan 23.
Spectre is the harder of the two, and no fix for the bug has yet been made publicly available. Microsoft and Amazon have announced a scheduled downtime of their cloud services anytime in the coming days. Amazon also revealed that a single-digit percentage of instances on its cloud EC2 services are protected as yet and that more will soon follow.
The Slowdown Consequence
While the patches will prevent attackers from exploiting the chips’ design flaw, they will lead to a deteriorated performance of the chip. A slowdown of computers, smartphones, and even the cloud services that host popular sites and services is expected.
Intel, in a statement, remarked that performance impacts would be workload-dependent, and, for the average computer user, should not be significant and would be mitigated over time. On the contrary, some researchers have claimed a slowdown by up to 30 percent as a result of the security updates. The vulnerabilities have posed a new challenge to the designing of the chips as to how can such occurrences be reduced in the future.