Decoding the Intel Chip Vulnerabilities: Meltdown and Spectre

Security has always been of utmost concern when it comes to users and their data. Be it web pros, resellers or the customers, all of us use computers, servers and mobile phones in some form or the other. All of these devices work with an inbuilt processor.

In this post, we’ll decode the confusion and commotion that has left the IT industry in a disarray with recent security vulnerabilities, that was found to affect Intel and other modern chips as well.

What is Intel Chip Vulnerability?

The Intel Chip Vulnerability is a flaw that could allow any hacker to steal data stored in the memory of Intel chips running on personal devices. It includes computers, cell phones, servers in data centres as well as cloud computing services.

During a security research a couple of days ago, there were two vulnerabilities that went public, Meltdown and Spectre. Where Meltdown is said to affect Intel chips, Spectre can affect most of the modern processors.

Meltdown and Spectre – Demystified

The question that arises is, what exactly are these two vulnerabilities and how far & reaching is the damage they can inflict?

So ideally, computers separate applications from reading information that’s passed through the Kernel. But with any security breakout, this isolation is no longer maintained as one program can easily read another program’s memory in the kernel without any permission.

Spectre is designated as Variant 1 i.e the bounds check bypass (CVE-2017-5753) and Variant 2 i.e branch target injection (CVE-2017-5715) can enable attackers to steal information leaked in the cached/kernel files or information stored in the memory of applications.

Research reveals Spectre is supposed to reportedly affect many modern processors like Intel, Apple, AMD (Advanced Micro Devices) and ARM (Advanced RISC MAchine). Furthermore, Spectre involves access to sensitive data that’s stored in the memory.

Meltdown, on the other hand, is designated as Variant 3, rogue data cache load (CVE-2017-5754). This vulnerability can allow hackers to gain entry to confidential parts of a computer’s memory mostly used by any application, program and the Operation System. Meltdown is supposed to affect Intel and Apple processors.

Meltdown also can be said to be like a privilege when escalated i.e an act that takes advantage of a bug, an Operating System error or a design flaw thereby giving an attacker access to resources that are generally protected from any user or application. What this means is, it basically melts all the security boundaries that are otherwise normally maintained. This is more prevalent in the case of Meltdown as it is easily exploitable as compared to Spectre.

According to Daniel Gruss, a researcher from Graz University of Technology who unearthed this issue, “Meltdown is so easy to exploit that we’re expecting [it] to be the significant problem for the next weeks.” The impact of this is high and far-reaching as even personal computer systems are affected.

Recommendations and Fixes

With every problem, there always is a solution, and although there are no solid fixes are available to tackle this problem at the moment. Following are some of the recommendations and fixes issued by leading IT giants, that you can adopt to keep your system secure.

  1. Microsoft released a Security update through their Windows update to address the vulnerability in Windows 10. It has also released guidance for both client and server side. Also, a firmware update is awaited from Intel for hardware protection. Once this update is out it can be separately distributed by the OEMs to fix the issue.
  2. Also, whenever a BIOS patch for a particular hardware is available, it is best to run that too. Another advice from Microsoft is to contact the device manufacturer and install the hardware update, the list of the manufacturers can be found here.
  3. Apart from Microsoft, Google too has documented and released its Security Patch Level for Android in order to limit the exploitation brought on by Meltdown and Spectre.
  4. Furthermore, Apple is said to have released a patch in the version 10.13.6, while Mozilla also, confirmed in their blog that browser-based attacks are more likely to happen now.

This is to say the Operating Systems (Linux, Apple, Microsoft), as well as web browser updates, should be installed on your system the moment you receive them to patch the vulnerabilities.

Conclusion

Overall at the moment, software patches are the only fixes are currently available. Generating fixes are a lot more complicated as they require redesigning of the processor and hardware. However, the fixes for Meltdown are comparatively easier whereas for Spectre they are complicated and still not known for all the versions.

This being said, researchers have said that Spectre is far more difficult to exploit as compared to Meltdown. Though it is predicted that the problem might continue for a longer time. Intel, nevertheless believes it is the most secure manufacturer in the world. And the security patches, both released and the future ones will help in minimizing the problem.

Though there is not much that one can do at this time, take care to install patches and your systems should be safe from any potential attack.

About H. Fatima

H. FatimaIn the days of yore, H. Fatima used to be an Engineer by profession and Writer by passion until she started pursuing full time writing. Her blog is a collection of short vignettes, stories and poems. She mostly writes what she deeply perceives and analyzes. It is her way of unwinding. Her interests include writing, reading (an avid reader), listening to various genres of music, volunteering and watching movies.

H. Fatima

H. Fatima

In the days of yore, H. Fatima used to be an Engineer by profession and Writer by passion until she started pursuing full time writing. Her blog is a collection of short vignettes, stories and poems. She mostly writes what she deeply perceives and analyzes. It is her way of unwinding. Her interests include writing, reading (an avid reader), listening to various genres of music, volunteering and watching movies.