News

Spectre and Meltdown Microchip Mayhem

Thu, 11/01/2018 - 09:32
Redstor_Spectre_And_Meltdown_blog
Data Protection

It didn’t take long for cyber-security to make headlines again in 2018, following on from large-scale attacks and breaches of 2017. The latest vulnerability to be announced is of a specific nature, affected microchips in PCs, devices and servers. However, the microchips vulnerable are those of Intel and some of the other largest producers of chips globally, meaning this vulnerability has the potential to be exploited millions of times over.

 

What are Spectre and Meltdown?

Meltdown and Spectre are vulnerabilities in modern processors that would allow hackers to steal information stored or cached in an operating system kernel. While programs are typically not permitted to read data stored in this location, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs; ‘Meltdown’ relates to the vulnerability in Intel processors,Spectre', is said to affect hardware by all chip makers.

Information included in these processors could include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud (by affecting the cloud-host server or device). The two vulnerabilities were discovered by the Google project Zero Team. The Meltdown bug affects multiple generations of Intel’s Central Processing Unit; CPUs, as well as cloud providers like Amazon and Google - fixes could be expected to cut performance by more than a third. 

What is a CPU?

A CPU or Central Processing Unit, is the primary chip within a computer where calculations take place, this process requires the rapid transfer of data from other parts of the system.

When you command a program to do something, it is the processor that carries out that command, co-operating with the rest of the system to perform whatever task is needed. There are other types of processors, including graphics processing units (GPU) or graphics cards, co-processors such as sensor chips that detect motion or similar physical conditions, but the term “processor” without a caveat is generally exclusively used to describe the CPU.

 

How can this vulnerability be exploited?

The Meltdown vulnerability means that applications, malware, and JavaScript running in web browsers, could obtain information they should not be allowed to access: such as the contents of the operating system private memory areas. These areas often contain files cached from disk, a view onto the machine's entire physical memory, and other secrets - this should be invisible to normal programs. The vulnerability also means that data is potentially accessible while a user is online, meaning infected websites and malware can attempt to rifle through the computer's memory looking for credentials, personal information, and more.

There are numerous implications and this exploit is likely to affect many users. Shared systems, such as a public cloud server, may be at the most risk as it will be possible, depending on the configuration of a machine, for software in a guest virtual machine to drill down into the host machine's physical memory and steal data from other user’s virtual machines.

How this exploit could take a bite out of the Apple

Apple have released a statement saying that all apple products, bar the Apple watch, are at risk to the vulnerability. Apple have released patches to address the exploit, but have stated that there has not been any apparent evidence of it being exploited.

All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.’

 

Who knew about the vulnerability

The Google project Zero Team maintain that they notified the correct people at Intel over a year ago – yet still the public only discovered in January 2018. Intel have stated that they believe that the average/everyday computer user will not be negatively impacted by the performance impact from the fixes. In related news, it has been speculated that the Intel CEO Brian Krzanich was aware of the vulnerability when he sold off a large amount of his shares last year. Krzanich made approximately $24 million by selling the majority of his stakes late November.  At the time, this did cause some to comment that it was a peculiar decision, as it left Krzanich with only 250,000 shares left – this just so happens to be the minimum amount of shared required by Intel under the terms of his employment. However, an Intel representative has claimed that it is speculation and that the release of shares was pre-planned and unrelated to the discovery of the vulnerability. Google had apparently shared the information with Intel in June, whilst Krzanich arranged the sale of shares in October; three months after he apparently received the news.

 

Redstor has been protecting and managing systems for 20 years, read our latest tips on how to protect your data and stay one step ahead of a data breach here. Or get in touch now to speak to one of our cyber-security experts.

Recent Articles

Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and... read more

May 16, 2018
Redstor_Equifax_leak_blog Disaster Recovery

Equifax – The Breach That Keeps Getting Bigger

Last year in September 2017 Equifax revealed that they had numerous data files stolen by hackers. The Credit Ratings agency initially at the time... read more

May 15, 2018
Redstor_future_lawyer_summit_blog Redstor

Redstor Looking Ahead At The Future Lawyer Summit

On the 29th May, representatives from Redstor will attend London’s Future Lawyer Summit, a highly regarded conference, as an exhibitor. The one-day... read more

May 11, 2018