Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Chip security flaws

Monday, January 8th, 2018 by Helge

Specter and Meltdown!  These are the names of the two potentially serious security holes in processors that were revealed during the past week. We will start by stating that, with certainty, we can’t say exactly how serious the bugs are (or rather how easy they are to exploit). In any case, this is what we know so far:
meltdown-spectre-100745814-large
The security holes have been traced back to 2011. Initially, only Intel’s processors were pointed out (something that, of course, was so bad considering the manufacturer’s market dominance) but later at his has been revised and the problem, at least with Spectre, seems to apply to all major processor manufacturers. Simply described, it’s all about bugs on a basic infrastructure level that puts critical information stored deep into computer systems in the danger zone for attacks. It is neither a physical problem in the processors itself nor a common software bug of the kind we learned to recognize in all kinds of applications and systems. Rather, it’s about an interference, an error on the processor’s architecture, and how all its millions of transistors and logic drives work together to execute instructions.

In modern processor architectures there are spaces where data passes in raw and unencrypted form, such as inside the kernel, which is the most central software device in architecture, or in system memory. These data usually have powerful protection to prevent it being manipulated or observed by other processes and applications. Meltdown and Spectre allow an attacker (who knows how to do) to circumvent these protections, thus “seeing” almost all data the device processes, such as passwords and encrypted communications.

Meltdown affects Intel processors and works by breaking through the barrier that prevents applications from accessing arbitrary sites in the kernel memory. Removing and protecting memory space prevents malicious applications from interfering with data and prevents malicious software from viewing and modifying data. Meltdown makes this basic process fundamentally unreliable. Meltdown can theoretically also be applied to and across cloud platforms, where a large number of networked computers routinely share and transmit data between thousands or millions of users and instances.

Spectre affects Intel, AMD and ARM processors – which, as we understand, also includes mobile phones and almost anything else that has a chip in itself. Specters can be said to fool applications to unintentionally reveal information that would normally be unavailable and secure within its protected memory area on the processor. Security researchers agree that this vulnerability is much harder to exploit than Meltdown – but also much harder to get rid of.

There is (as yet) no evidence that malicious hackers have exploited vulnerabilities, but most major suppliers and manufacturers have or will soon roll out patches. However, there is great uncertainty about how effective they will be, as it is basically about how today’s processors are being built. Another monkey is that several security researchers who tested some of the patches warn that they can wreck your system – and it’s real. There is talk of a performance reduction of about 25% percent.

As  said, there are still a few question marks, and we could easily write a small book here in the blog about all the technical details, speculations and rumors that abound. But at this time, we will advise you to always follow requests for updating your systems! More details about what you need  to know about those big chip flaws can be found e.g. here: https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq/

Chip security flaws, 5.0 out of 5 based on 3 ratings
Categories: Guides & Tutorials, Tips & Tricks

Keywords:

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.