If you tune into any tech news sources this week, the only thing people are talking about is Meltdown and Spectre, two new vulnerabilities that every modern processor is affected by.
What’s a processor?
As I said, Meltdown and Spectre affect every modern processor, but what is a processor? A computer’s processor, just like the name suggests, processes everything on the computer, much like the brain processes everything for your body. Everything you type in Word, every email you send, every website you open, is processed by the processor. If someone can read the memory of a processor, they can see anything you do on a computer. This even includes things like reading the passwords that you type.
How does it work?
The Meltdown vulnerability directly affects Intel and some ARM processors. In short, Meltdown breaks the security layer between user applications (programs like Word or Outlook) and operating systems (Mac OS, Windows and Linux). The attack lets applications access memory that holds private information used by other, secure applications running. This means that if you unlock your password manager, a virus using the Meltdown attack can read all of the passwords from your password vault.
Spectre, similarly, breaks the security layer between different applications. Although more difficult to use than Meltdown, Spectre has a much wider attack vector. Spectre is also much more difficult to fix as the means of the attack are what also gives our computers such fast performance.
Worse yet, the fixes that are possible for these vulnerabilities are mostly dependant on software developers. While there are some patches for these vulnerabilities, computers will have some vulnerability for years to come, as it will require Intel, AMD and ARM to actually look at building new processor architectures.
What is infected?
Today, just about everything is a computer; not just laptops, desktops and servers. Our smartphones and other smart devices also have the similar, infected processors to their bulkier computer cousins. If you look at the stock market, you might think that only Intel, the most popular developer of processor technology, is affected, but AMD and ARM (a popular processor developer for smart phones and embedded devices) are also infected by the bug.
At this point, there are no known abuses of Spectre or Meltdown, but in the coming months, I’m sure that we’ll start to see some new viruses hit the scene. How can you protect yourself? As with all virus based attack vectors, the most important thing is to be careful about what files you open. If you see emails that don’t look normal, maybe a PDF or zip file coming from someone you’ve never heard of, don’t open them. Just delete the message and move on. On the internet, avoid websites that you don’t normally visit and if anything looks out of place on a website, make sure that the URL in the address bar matches where you think you should be. And, as always, if you think you’ve been infected by a virus, call Cage Data immediately to get it checked out.
How did this happen?
Exactly how we got to this point, where a single vulnerability can be so dangerous and affect so much, isn’t clear. The short answer is: bugs happen. Speculation about the vulnerability has is that, in a world driven to build the fastest computers, the industry that builds processors had to put a priority on speed over security.
More Resources
Meltdown and Spectre Vulnerability Site
Twitter Thread by Nicole Perlroth of the New York Times about the vulnerabilities