While a lot of people were enjoying New Year's Eve, somewhere from a geek's desk a file was made public (intentionally), that detailed how almost all computers on the planet were facing a serious vulnerability.
On January 3, Google Project Zero made their security research available to the public, which explicitly mentioned root flaws in SoCs (System on a chip) of vendors which affected the likes of Intel, AMD, ARM, Qualcomm — the leading developers of computing processors. Although security flaws are bound to occur in this fast-paced world, nobody thought they would break down to this level (at least that's what we’d like to think).
Consumers are seldom aware of security flaws that tag along with their computing devices, collectively known as “malware”, which may be mild enough to just slow down the devices, or tough enough to break down the data and breach into personal financial accounts. That being said, OEMs (Original equipment manufacturers) frequently release security patches or updates, which fix the devices and help get rid of the malware. Even some software applications are available, which help in early detection and removal. But what if the “malware” is hard-wired to the processor itself?
Enter, Meltdown and Spectre
“Meltdown” and “Spectre” are revelations from the 3 January 2018 report of Google Project Zero, which describes these as the hardware exploits embedded in virtually every computing device that uses processors from these industry giants. Personal computers, mobile devices, smartwatches — anything that runs on microprocessors from Intel, AMD, ARM, Qualcomm — is likely to be affected.
What's worse? Devices earlier than January 2018 are affected, and devices of the pre-2011 era are likely to be affected worse. Furthermore, cyber attackers have started working on these exploits to create malware that simply uses the processing units.
Haphazardly, OEMs did release updates which claimed to fix the exploit, but these updates resulted in device malfunctions, later resulting in these updates being withdrawn.
The exploits use processor-level loopholes rather than operating system ones, which make them live on virtually any system running on these processors: Windows, iOS, Linux, Android, etc.
For now, the OEMs recommend replacing older devices and updating to latest software patches as regularly as possible to avert damages to the security of your system. People tend to ignore firmware updates, but it's recommended to not stick with that attitude this time.
I strongly recommend that you update/upgrade your operating system with latest security patches that you may encounter as “system update” or “security patch” or the like. Stay updated about the latest proceedings by just entering “Meltdown” or “Spectre” in your search engine, which will help you decide on “what next?” OEMs have been releasing updates and patches left-right-and-center to avert future risks. I recommend considering cyber safety of paramount importance, given that we’re promptly moving towards a digital world, where computer and internet dependence is higher than ever before.
After the whole fiasco of Intel’s design vulnerabilities and update malfunctions, expect a 'Meltdown and Spectre Free' micro-processing environment on any future release by Intel. You might want to check for vulnerabilities on your computer by using few trusted tools that can be found online, such as the one provided by Ashampoo.
For further reading into what exactly happened:
Views expressed are personal opinions of the author towards the recent SoC vulnerabilities exposed on Intel microprocessors by Google Project Zero, and entail no endorsements or financial interests in any form. The author holds no responsibility for losses that may occur to the readers, if any.
About the Author
Aakash Chowdhary is a fifth year student of MBBS in Jammu & Kashmir. Aakash has a keen interest in ocular genomics and tele-medicine. He is member at the Global Alliance for Genomics and Health, a Foundation and Student Member of the Royal College of Physicians (Edinburgh), and a Medical Student Member of the American Academy of Neurology, American College of Physicians, and the AAEM Resident and Student Association. In addition, Aakash also runs a successful IT forum by the name of Crooked Computing Inc.