With so many hackers out there and fraudulent activity being more commonplace than ever, it is vital to keep up to date with security and hardware exploits, even if it might not seem as dangerous at face value. In early 2018, security experts discovered two severe security flaws inside computer processors called Meltdown and Spectre.
The viruses live inside desktop and laptop computers and smartphones, tablets, cloud servers, graphics cards, and pretty much anything with an operating system, save for a few smartwatches and Wi-Fi routers. Microsoft Windows, Apple OS, iOS, and Linux were just some of the major operating systems that had been hit hard by the flaws.
Meltdown and Spectre exploit vulnerabilities in modern processors
The two viruses are modern-day examples of what is known as a "transient execution" attack, which means that Spectre and Meltdown rely on design flaws of the hardware when the product is in use. These security flaws can easily take a user's password set, location, bank details, and other sensitive information for anything you need an online account. Daniel Guss, a researcher at Graz University of Technology and discoverer of the Meltdown, named it one of the worst CPU bugs in computing history.
Meltdown and Spectre are in the processor of the device, being discovered in the very silicon of computer chip. The processor is what carries through every command that is requested by the user. As the processor is essentially the brain of the computer, any issue in the processor would affect the whole device's performance; just as there was an issue with your mind, it would fundamentally hinder your physical capabilities. Well, it's just the same for a computer. These processors' infrastructure has affected billions of devices and servers across the world, including one that runs the cloud infrastructure for google!
Unfortunately, the two flaws can even rear their ugly heads inside video game consoles too. Though not many video game consoles themselves have been affected in its hardware, they are left extremely vulnerable and open to an attack as most gaming consoles are linked to one of the cloud services. Meltdown should not be taken lightly, and it is dangerous because any application running on an infected device can use Meltdown to steal your data. Spectre is just as bad, and though it's harder for hackers to take advantage of, it's also harder for developers to fix and create patches, meaning it is more of a long term problem than Meltdown.
Can my antivirus detect or block this attack
Using these two flaws, hackers can access all of a user's information on any device without a trace, even if the device has anti-malware software installed. This is why it is essential to have that device's patches presently updated. As so many areas of a device are plagued with Meltdown and Spectre, patches are required to not only the operating system but also the chip, the firmware, and device's applications. For developers, their products have become intricate cobwebs of patches.
Though it wasn't revealed to the public until 2018, hardware attacks had been going on for months. Before, the attack was seen as so severe that it was not revealed to consumers until vendors such as Apple and Microsoft had found a fix for their products. For the most part, cloud servers have found patches and kept Meltdown and Spectre from interfering with managed service providers' operations on a grand scale.
Luckily, most software and hardware developers were quick to act on the flaws. Microsoft released patches for most versions of their Windows operating systems, as did Apple for macOS, iOS, and tvOS. Web browsers such as Google and Firefox swiftly followed with patches, and now most of the world's developers have hindered hackers' chances of stealing any more details.
But some claim that a long term effect is a slow server's performance, and Linux has been singled out specifically for performance issues since its patches were installed on devices. There will also always be a constant threat that Meltdown and Spectre may still be able to be weaponized.
Have these two vulnerabilities hit your data center? Have their been patches that you applied to help mitigate the issue? Let me know on Twitter how this has affected you, and thanks for reading.