Meltdown & Spectre

Let’s write off some few things before we get into demystifying this very sneaky cyber attack. First; we won’t be physically melting anything therefore your computer will not overheat and turn into a liquid. Secondly, no extraterrestrial being is going to haunt you; no specters, no ghosts. Finally, you may want to read more about computer hardware starting with the processor in case you get lost in the way.

The question that comes to mind is; if nothing is melting due to heat and no one is being haunted, where does the Meltdown & Spectre come in? Is this even the correct spelling of specter? Well, yes and this article shall simplify things and explain all concepts related to the attack.

Simply stated, meltdown is a hardware vulnerability that affects almost all processors made within the last 20 years allowing rogue, malicious software to read all memory even when they are not allowed to do so. This is done by ‘melting’ (rendering useless) security boundaries set by hardware. In other words; you are affected by this vulnerability and you did not even realize it.

Spectre on the other hand is a vulnerability emanating from speculative executing and caching. Some words there are not demystified now, are there? Breaking the explanation further; the Spectre vulnerability results from the need and implementation of protocol to speed up computer chips (processors). I refer to the word “speculative” in the sense that this action to optimize the speed of a computer is really not necessary. It is not mandatory to speed up the chip, therefore this vulnerability should not really exist.

Before we get to the bone of the attacks, it is important to understand why these vulnerabilities are dangerous. Take Spectre as a use case. You decide to visit a website and without your knowledge, a fellow decided to use JavaScript code to steal sensitive data such as passwords and usernames by literary tricking the web browser. There goes your secure log in information. What of Meltdown? Take it as a use case and consider cloud computing hosts that are very common these days. An attacker could use this vulnerability to view data hosted on virtual hosts other than the attacked host.

Next up, we need to understand the difference between the two vulnerabilities and how they work together. To start us off, we need to understand that while meltdown breaks the mechanism that prevents the applications from accessing arbitrary system memory, Spectre tricks other applications into accessing arbitrary locations in their memory. In simpler terms; a lock was picked, and a burglar acquired items that didn’t belong to them.

Some companies have produced ways of mitigating these attacks; for example Google with a patch to secure Android Phones and Microsoft for Windows PCs, Apple & Firefox in early 2018 among others. That is a bold and useful step however; there is need to realize that such patches will definitely affect performance. Your system will definitely slow down. This is because the patches are made to alter or disable features of speculative execution and caching.

On to further depressing information… You wouldn’t even know if an attack was launched against you using these vulnerabilities. The vulnerability does not even leave any traces in the traditional log file. Popular antivirus software has also been recorded to not notice these attacks in the recent past. It is known that in theory, these antivirus software could detect such intrusions however in practice, it is unlikely. A work around it has been to identify malware using such attacks by comparing them with known binaries.

We have now come to the end of the article. The article simplifies Meltdown & Spectre to bits that are easy and straight forward to understand. To get more technical info or help, you can get in touch with us through: support@clytech.co.ke

Courtesy: JoeMax.

Leave a Reply

Your email address will not be published. Required fields are marked *