Sign up for our newsletter
Technology / Cybersecurity

First Meltdown, now Spectre: Everything you need to know about the Intel, AMD & ARM chip crisis

Security researchers have uncovered widespread computer chip vulnerability affecting hardware created by industry giants Intel, AMD and ARM. The vulnerability consists of two bugs, which professionals believe could be exploited by hackers to steal masses of valuable data including card details.

One of the flaws is called Meltdown, which poses a threat to devices using Intel chips specifically. The other is called Spectre and has a potential impact on devices using chips from AMD and ARM, in addition to Intel.

First Meltdown, now Spectre: Everything you need to know about the Intel, AMD & ARM crisis

While the UK’s NCSC has found no examples of the vulnerability being leveraged by attackers, there is still work to be done to neutralise the threat – users themselves may have to perform necessary updates.

White papers from our partners

You are not alone in bolstering your security posture in face of the bugs, with tech industry leaders including Microsoft and Google working to provide users with information regarding incoming updates to remedy the problem.

 

Which chips have been affected and what are the risks?

Two computer chip bugs that could potentially be exploited by hackers to steal data have been found within Intel, ARM and AMD chips.

Mike Buckbee, Security Engineer at Varonis, said: “This vulnerability makes it theoretically possible to open up the end user’s device and rummage through the computer’s memory. For example, a JavaScript application running in a browser on a website could potentially access your computer’s kernel memory and rip through any information held there.”

First Meltdown, now Spectre: Everything you need to know about the Intel, AMD & ARM crisis“While all the details are not available at this point, from what is known, this vulnerability can be considered a threat: it could allow for credential theft or other privilege escalation exploits. In this respect, while potentially dire, it’s very similar to an insider threat or admin data breach. Organisations need to layer multiple levels of protection to build defensive depth in their networks and applications,” Buckbee said.

 

What could hackers do with this vulnerability?

Paul Ducklin, Senior Technologist at Sophos, said: “Even if you assume that an attacker didn’t know where to focus his attempts, but could do no better than to grab live kernel data at random, you can consider this issue to be a bit like Heartbleed, where an attacker would often end up with garbage but might occasionally get lucky and grab hold of secret data such as passwords and private decryption keys.”

Top tech New Year’s resolution solutions
Fintech in 2017: Brexit, Blockchain and Bitcoin
Top 2018 regulations not to forget about over Christmas

“Unlike Heartbleed, the attacker already needs a footprint on a vulnerable server, for example as a logged-in user with a command shell open, or as the owner of a virtual machine (VM) running on a hosting server,” Ducklin said.

 

A reminder to always patch

Many tech industry leaders are reassuring those who are up to date with patches, making this concerning instance a good example of why it is essential to remain on top of patching. Failure to patch accelerated the damage of the WannaCry attack against the NHS in 2017.

First Meltdown, now Spectre: Everything you need to know about the Intel, AMD & ARM crisis

Rob Graham, a security researcher, said in a blog, “If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don’t have to worry. If you aren’t up to date, then there’s a lot of other nasties out there you should probably also be worrying about. I mention this because while this bug is big in the news, it’s probably not news the average consumer needs to concern themselves with.”

 

What else can be done moving forward?

Chris Morales, head of security analytics at Vectra, said: “While the security research community continues to find and report flaws like this, we must assume there are many more they did not find that attackers may already know about and have exploited. Every organization needs to assume that perfect prevention is not possible, exploits will always exist and breaches will occur.”

“With this mindset, even with perfect patching, organizations need to focus their efforts on finding the attacker behaviours that occur after a flaw is exploited and before the attacker succeeds in stealing information or causing damage to the organisation,” Morales said.

 

Not just new chips are vulnerable

The professionals that first tracked down the bugs have stated that the vulnerability is present in chips made as far back as 1995

Despite this expansive surface for attack, so far there have been no signs of malicious activity in leveraging the fault. Keeping tabs on the vulnerability, the National Cyber Security Centre from the UK stated that it has not yet found reason to believe that it has been exploited by hackers.

 

Tech industry reaction

Industry leaders have made a swift response to the concerning matter affecting the computer chips made by Intel and others, with the likes of Microsoft and Google stepping into the breach. Updates to tackle the problem have been released by Microsoft for the 4th of January 2018 and Google has shared a blog detailing what is secure and when updates are arriving.

First Meltdown, now Spectre: Everything you need to know about the Intel, AMD & ARM crisisThe blog states that Android phones that are equipped with the most recent security updates are not vulnerable; also noting that Gmail is not at risk. Chromebook updates and updates for the Chrome web browser are also soon arriving.

“To counteract the threat, patches for all operating systems are in the works. These patches “scramble” how kernel memory is stored, making it impossible for applications to exploit the flaw,” Mike Buckbee said.
This article is from the CBROnline archive: some formatting and images may not be present.