Skip to main content

Meltdown and Spectre : Backdoors in Modern Processor

In recent days, the technological world is roaming around two words "Meltdown" and "Spectre". They are not merely just simple words but are the vulnerabilities found in modern processors that run our computers, laptops, smartphones, wearables and many modern gadgets. These vulnerabilities allow programs to steal data, which is currently processed CPU(the heart of processor).

Generally the memory used by processor is very secure and only kernel in operating system (main program that executes all the instructions) can access or modify this memory. No user program or software can access the memory directly. So the data remains secure while the CPU is processing it. This secure data can be saved passwords, encryption keys and critical documents.

The devices that use processors can be affected by this kind of attacks! This means every smart device connected to any kind of network!  Meltdown and Spectre work on computers, Mobiles and Cloud. The matter of concern is that these vulnerabilities have been present from 20 years and there is no way to trace-back and find out which program has exploited this and at what level. All kind of processors including Intel, AMD, ARM based are affected.

Meltdown:

This breaks the basic isolation between operating system and user program. This is basic isolation which should avoid any leak of secret data used by operating system to the program. If you use patched operating system that run on vulnerable processor, it is very dangerous to work with sensitive data on such device. But there are software patches available against meltdown. But long term fixes need the change in processor hardware.

Spectre:

It breaks the isolation between memories used by different applications. This allows the attacker to design a program that steal the data from other program which follows best security practices. So there can be such a situation that as you increase safety checks in software the more data will expose to malicious programs. So spectre attack is more dangerous and difficult to come over, but is it very difficult to design such a spectre program! All spectre attacks cannot be prevented by software patches, but some can be prevented.

These design flaws are created in pursuit of faster processors. As we are reaching the limits of hardware enhancements, the manufacturers come with some smart ways to reduce the processing time. At this time the processors are designed to anticipate the instructions and use cache memory for accessing the frequently used data. This is called speculative execution, where it predicts and performs some routine tasks and overall we get faster performance. If data is not useful for further execution they are thrown out of cache and this thrown data can be captured by programs to exploit.

Therefore at this point, the thing we can do is to update the software to latest official software patch provided. Here official software patches are important as some hackers are spreading fake security patches that contain malware. Try to avoid cracked software and downloading anything from unknown sources.

This was a very brief information about the Meltdown and Spectre. For more information and research papers you can visit : https://meltdownattack.com/.

Thank you for reading, please share this article and comment if there is any corrections or suggestions.

Image courtesy - The Hacker News

Comments

Post a Comment

Popular posts from this blog

Virtual Assistants: making our life easy!

Hello folks! In this post we will have a look at various virtual assistants present around us. Virtual assistant is a software application that performs various tasks for user. Now a days "Chat-bot" is the well known name which is small version of virtual assistant for websites.  Such applications improve the user experience considerably and can understand natural language (different from computer language) and prove to be starting point in the world of Artificial Intelligence. Lets have a look at some famous virtual assistants. 1. Google Assistant This is developed by Google and primarily available in Android Smartphones, smart home devices and surprisingly a special edition of Google Assistant is available on Jio phone based on KaiOS. This technology is advanced version of 'Google Now', which was able to listen user and perform actions. Google assistant can detect natural voice of user and can give response. Also keyboard input is supported. Besides...

Dual Camera: An in-depth look!

Hi Folks, hope you are having a good time. 2017, was the year of smartphones with dual camera and 18:9 ration display. In this article we are focusing on Dual Camera feature of them. The trend was started by LG and Huawei in Mobile World Congress 2016, to capture the market by introducing this hot new feature. After that almost every smartphone manufacturer jumped into this.  They provided various features that use these cameras like Portrait Shots a good try to mimic Bokeh effect that we get from professional cameras. So, is it a truly useful hardware feature that will produce results as promised by these companies? Lets have a look! There are three types of implementations found: 1) Monochrome(black and white)  camera and RGB (color) camera. 2) Wide angle lens camera and Telephoto lens camera. 2) Normal lens and Ultra Wide Angle lens camera Monochrome and RGB camera: This type of implementation is found in Moto G5S Plus and Huawei P9. Here one camera captures ...