Explanations Meltdown and Spectrum attacks: know it all and protect yourself against it

The Spectrum and Meltdown vulnerabilities affect almost all modern processors, and can be exploited for cyber attacks and data theft. Find out everything you need to know about these two vulnerabilities, and how to protect yourself from them.

It all starts in January 2018. It is on this date that the Spectrum and Meltdown security flaws are revealed: two hardware vulnerabilities affecting almost all recent Intel and ARM processors. These vulnerabilities can be exploited by cybercriminals to steal data from almost any computer or mobile device.

One year later, even though some software solutions have proven effective and researchers have a better understanding of these flaws, the threat still hangs over the IT world. Discover everything you need to know about Spectre and Meltdown…and how best to protect yourself from it.

To know more about it

Meltdown and Specter: What is it?

Simply put, Spectrum is a vulnerability that can allow a program to access arbitrary locations in random access memory which is allocated to him.

Meltdown, on the other hand, is a vulnerability that allows an unauthorized process privileged access to memoryand therefore the reading of all the memory of a system.

Note that these are not single vulnerabilities, but classes of vulnerabilities each grouping together several variants. So far, 13 Spectrum variants and 14 Meltdown variants have been identified.

All these variants of vulnerabilities are based on exploiting the side effects of speculative executionwhich is a means of masking memory latency to increase the speed of microprocessor execution. Specifically, it is branch prediction that is exploited here.

Spectrum and Meltdown: what are the risks?

spectrum meltdown risks

These vulnerabilities are very dangerous, as they can allow cybercriminals to Bypass the security systems of almost all recent processors.. In fact, PCs, servers, smartphones, tablets or even IoT devices such as routers and connected televisions can be affected.

By exploiting these loopholes, criminals can read the memory of a protected system…The system can also be used to obtain access to passwords, encryption keys, and other particularly sensitive data.

To exploit Specter and Meltdown, hackers don’t even need the user to run malware. It is even possible to operate them from a web browser via JavaScript. Similarly, it is possible to use them to retrieve data from a software container or virtual machine on the Cloud.

On the other hand, Spectre and Meltdown can be exploited without leaving any trace in the system logs.. This is why it is very difficult to detect attacks based on these vulnerabilities.

Spectrum and Meltdown: what products are affected?

Spectrum meltdown products

Almost all electronic devices currently available on the market are affected by Spectrum and Meltown, and the oldest products affected date back to the 1990s. However, different types of processors are not affected to the same extent depending on their microarchitecture design.

Generally speaking, all computers, smartphones and other devices and products that contain Intel, AMD, Arm or POWER CPUs are potentially affected by Spectrum and Meltdown.

Spectre and Meltdown: how to protect yourself from attacks?

To protect against Spectrum and Meltdown, the only viable solution is to make sure the latest patches are installed on your system. Unfortunately, knowing that this is a hardware vulnerability, it is still possible to exploit some variants of Spectrum and Meltdown on systems protected by the latest patch.

It is not known at this time whether it is really possible to completely patch these vulnerabilities through firmware or software updates. However, there is no other solution to date.

Be the first to comment

Leave a Reply

Your email address will not be published.