Meltdown and Spectre are two critical exploits that have been discovered by the computer security industry. These vulnerabilities have the potential to wreak havoc on nearly every single computing device made since the mid-1990s, including personal computers and smartphones. The reaction by the industry and public has been one of caution and mixed feelings. The two exploits are a result of flaws that currently exist in computer processors, an essential component designed to perform the speculative execution, something that predicts what tasks they will perform and at what time. This process is what gives modern processors their speedy performance.
The exploits are called “Meltdown” and “Spectre” because the first one “melts down” existing security barriers that prevent malicious actions by hackers and criminals. Spectre refers to the exploit’s root cause, speculative execution, and the fact that it will “haunt” the cybersecurity industry for the near and distant future. The flaws were discovered by security analysts and researchers but was first reported by Jann Horn, a 22-year-old security researcher of Google Project Zero. The exploits have the potential to let an attacker to read sensitive data stored in the memory, such as passwords, or look at what tabs someone has open on their web browser.
Such data is encrypted and located in a remote part of a computer’s memory, but researchers like Horn discovered that in some cases, the data can be exposed while the processor queues it up during “speculative execution”, where the processor performs extra tasks that are done before the computer actually knows it needs it. These exploits are a looming threat that will require complete replacement of computer processors in order to be fully secure. There is no fix for the issue right now and will require a rethinking of how modern computer processors operate. The problem has brought many tech companies together to work on a solution to address the threat.
While Spectre affects nearly all PCs, smartphones and cloud servers, Meltdown appears to be specific to Intel chips. “It is frightening,” James R., a student at Arizona State University said. “We tend to take these threats for granted, pretending it won’t ever affect us.” Intel, the world’s second largest semiconductor chip manufacturer, has responded to the exploits rapidly, working with software vendors and hardware manufacturers to curb and mitigate the effects of Meltdown and Spectre. The company said in a press release that “many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.” Some people in the tech industry criticized Intel’s attempt to initially shift blame but welcomed its continued mitigation efforts.
“Intel is committed to product and customer security and is working closely with many other technology companies… to develop an industry-wide approach to resolving this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits,” the company said in a press release Security analysts advise users to keep their devices up-to-date as tech companies continue to push out security fixes. “I do my best to keep my laptop and phone updated,” Omid Khatounabadi, a student at Mesa Community College, said. “Now because of these hacks, there is another reason to keep up with the software updates and patches.”