The worlds microprocessors have two major security vulnerabilities. Security experts have identified two hacks that are capable of affecting almost every computing device on the planet. The exploits known as Meltdown and Spectre could allow hostile actors to lock a computer for ransom or steal the memory library from computers phones or servers.
The attacks are designed to infiltrate the software and take advantage of the hardware based on the setup and arrangement of the processors. These hacks are extremely complicated and require a technical mastery to perform.
Experts believe there is no fast patch or easy fix to combat Spectre. To find a solution to Spectre specialists believe they would need to redesign the age-old concept of processors. A patch to fix the issue caused by Meltdown would cut the processing speeds by up to one-third.
A researcher with Google’s Project Zero, Jann Horn, was the first to report how malicious Meltdown can be. Cloud computing could be affected worldwide. Servers run by Amazon, Google, or Microsoft are all vulnerable to attack. One person only needs to rent space on a commercial server to access passwords and portals connected to the server or cloud computing.
1. Apparently I don’t know how to thread, so here goes my second attempt at blasting you with critical news on this “Intel Chip problem” which is not an Intel problem but an entire chipmaker design problem that affects virtually all processors on the market.
— Nicole Perlroth (@nicoleperlroth) January 3, 2018
By Wednesday, Microsoft and Google had claimed their cloud computing services had been updated to respond to the possibility of attack. Amazon declared the vulnerability has been around for 20 years using the common architecture of the processors. Amazon web services announced they had protected their AWS servers against such a flaw, but clients still needed to update their software on top of that.
Cloud computing regularly involves multiple machines and devices to share and spread the workload. Even though servers are designed to separate and compartmentalize consumer information, the new exploits are able to bypass such security measures.
The Intel computer chips make up a large majority of the processing power that helps to run and maintain the internet to both private and commercial users as well as government and military operators. Meltdown can have the ability affect every Intel chip in use.
Microsoft is pushing an update for their Windows operating system to fix the problem. Linux, which makes up about 30% of the worlds operating systems, has already posted a patch for Meltdown. Apple has posted a partial fix, Double Map in 10.13.3, and is expected to complete the software patch in an additional update.
— Michael Schwarz (@misc0110) January 4, 2018
All of these different operating systems will feel the same effects from the patch. Despite the difference in the way the services run, the microprocessors used suffer from a recently proven theorem which aims to take advantage of the design of the chip itself. A patch to prevent such an exploitation would ultimately slow the performance by 20% or 30%.
The second more troubling hack, Spectre, cannot be patched. Similar to meltdown, Spectre is aimed at taking advantage of the design of the processor used by most modern computers. Most modern processors like Intel, AMD, and ARM (despite official statements claiming to be invulnerable) among many others will suffer from the hack.
A solution to the Spectre hack may call for a complete redesign of computer processors and microchip construction. While Meltdown is designed to be inflicted upon fast, high performing machines, Spectre can be initiated on all hardware.
There are no reports of anyone using these types of hacks prior to their unearthing. But, hardware for the next decade will be carrying flawed microprocessors. The new patches and updates to be installed on computers and business systems will no longer be functioning with the efficiency it once experienced.
Once discovered, the teams working to independently verify the exploits contacted the manufacturers to address the issue before news goes public. A week before the scheduled release of information, internet news websites and independent twitter journalists picked up the story.
Because of the rushed timeline, a patch called Kaiser is being used to address Meltdown. Developed by an Austrian team last year, the patch was intended for fixing a different problem. A more stable solution will not be available until a new generation of equipment is designed and developed.
Computers and similar devices will continue to be developed with the design flaw for another decade until contracts and legacy maintenance are no longer supported. The restructure of the computing technology could set advancement and technical services back by a generation.