Both Spectre and Meltdown can be devastating though the fact that those are quite hard to exploit is the only silver lining we have in the otherwise dark clouds looming over the tech world in 2018.
The Spectre of a tech Meltdown the likes of which has always been the topic of choice for apocalyptic movies depicting an end of the world sort of scenario might well be real after all. To put in more realistic terms Spectre and Meltdown refer to two bugs that have sent the tech world into a tizzy given how potentially devastating both can be when exploited in a precise manner.
Both have been discovered by Google’s Project Zero cybersecurity lab. That was during late last year but is being publicly revealed only now. Specifically, Meltdown has to do with the way a user app interacts with the operating system and can provide unauthorized access to the memory for unscrupulous programs. This way, sensitive information stored in a PC might get leaked.
Spectre, however, is the more dangerous of the two given that it has to do with the very core feature of the processor and the way it performs. To elaborate further, the bug has to do with the predictive analysis feature that has become the hallmark of how chips function for over two decades now.
The predictive analysis aims to decode the next operation an user might attempt and loads the memory with the related files. This again is meant to speed things up, and if the prediction proves accurate, the files are put to good use. However, in case an user goes for a different operation, the files are dumped, and it is here that the threat has been detected. For the way the files are dumped is actually a massive loophole that suitable programs can use to decipher sensitive information stored in the device.
However, while this has proved to be a huge security risk, the only saving grace is that it also is the hardest to exploit as well. And the most immediate is the need to have malware preinstalled in the system to obtain anything meaningful from the system. In fact, the risk of data theft is much more for cloud infrastructure and data centers than individual systems or organizations.
Fortunately for us, companies like Microsoft, Apple, Google, Intel, AMD et all have all jumped on the scene, and patches are either on the way or have already been released. Unfortunately, not all risks can be mitigated with software patches, and even they are able to, it would come in the cost of reduced system performance.
Unofficial sources have stated the drop in performance could be as much as 17 percent. Intel though has contested the same claiming that it would depend on how the device is being used. What’s more, drop in performance is going to be particularly perceptible in older devices. Any device older than Intel’s Skylake chips is likely to face the heat more than the rest.
Also, given that the above threats relates to the design architecture that the chips follow, there is going to be changes needed to the way the OS interacts with the chip to ensure a thorough prevention mechanism to mitigate the dangers posed by Spectre and Meltdown.
Till then, it would be wise to have a system running the latest version of the OS with all software patches suitably installed. Sure this would serve as a passive way to diminish the threat though that is the best option till a more active solution is available.
For more information on both bugs, please visit https://meltdownattack.com/