They affect a HUGE number of devices
Yesterday, we reported about a major vulnerability that affects a huge number of Intel processors, warranting for a patch that will compromise a computer’s overall performance by as much as 30%. That vulnerability is known as Meltdown.
It turns out, all of us should be worried about not just one but two devastating CPU-related vulnerabilities, with the other known as Spectre.
Before we all go panicky and all, let us explain to you what is Meltdown and Spectre, how they can affect us, and how manufacturers are addressing the issue:
What is affected?
Meltdown affects Intel processors, while Spectre affects Intel, AMD, and ARM processors. In terms of coverage, Spectre affects more devices since it can go down to a mobile level: yes, even thermostats and baby monitors can be possibly be affected.
Basically, all devices are potentially affected by it, so the safest way to put it is that any untested device should be considered vulnerable.
What do they do?
Both vulnerabilities affect processors at the architecture level, specifically with how transistors and logic units inside a processor carry out instructions. However, Meltdown and Spectre work differently.
For Meltdown, it works by breaking through a kernel memory’s protective barrier through the use of malicious software in order to gain access to sensitive information. For Spectre, it tricks applications to disclosing sensitive data without passing through security checks.
With both vulnerabilities, they can be a big issue especially with cloud services, where hackers just need to rent cloud service space in order to take advantage of these “holes” in processors, as said in a New York Times article.
3d illustration of a glowing blue Qualcomm logo sitting on top of a glossy microchip
What’s the remedy?
Microsoft and Linux are working on a security patch to remedy Intel-equipped computers potentially affected by the Meltdown vulnerability. However, this patch will throttle down the overall performance of computers by as much as 30% with the fix.
Spectre, on the other hand, is harder to fix. As of now, the only definite fix for it is for processor manufacturers to redesign their processors with how they access kernel memory.
What can we do right now?
While both Meltdown and Spectre are alarming, everyone should not be worried, as manufacturers are working hard to mitigate the problem, whether it may be an update, a patch, a fix, or (worst case) a major chip design revision. For the meantime, let’s be mindful of how we use our devices, especially when it involves connecting to the internet.