Meltdown and Spectre: 5 questions on processor vulnerabilities

October 10, 2018

Two security vulnerabilities in modern Intel, AMD and ARM processors, Meltdown and Spectre, were recently unveiled by research teams.

These vulnerabilities would allow a cyber attacker to access passwords and sensitive data on affected computers.

What are Meltdown and Spectre?

Two critical vulnerabilities have been discovered in modern processor chips by Google Project Zero teams.

The first, Meltdown, affects all Intel processors since 1995 (except Intel Itanium and Intel Atom processors before 2013), while the second, Spectre, also concerns ARM and AMD processors.
These two vulnerabilities can allow cyber attackers to gain unauthorized access to a computer’s memory, and therefore to sensitive data. Attackers can use these vulnerabilities on personal computers, mobile devices, and the cloud.

How do they work?

Meltdown and Spectre exploit processor vulnerabilities to bypass memory isolation in the operating system.

Meltdown can remove the barrier between user applications and critical parts of the operating system. This vulnerability allows a program to access the memory, and therefore the sensitive data, of other programs and the operating system.

Spectre can trick vulnerable applications into exposing the contents of their memory.

What are the risks?

Meltdown and Spectre can be used to recover data being processed on the computer. A malicious program can use Meltdown and Spectre to obtain secrets stored in the memory of other running programs. These can include passwords stored in a manager or browser, personal photos, emails, instant messages and even critical documents.

Exploiting these vulnerabilities against cloud services seems to be the most worrying scenario.

Can we protect ourselves from it?

Microsoft, Apple, and Linux released patches to correct the Meltdown vulnerability.

However, these patches can affect the performance of the patched computers, and the impact varies depending on the hardware generation and the chip manufacturer's implementation. The developers of the Linux patch have announced an average performance decrease of 30%.
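On Linux, a kernel that carries these patches reports its mitigation status in one-line files under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original article: it reads the meltdown, spectre_v1 and spectre_v2 entries and lists the ones that are not confirmed as mitigated. The function names are illustrative, and the path and file names are the kernel's sysfs interface rather than something the article mentions.

```python
"""Report the kernel's Meltdown/Spectre mitigation status on Linux."""
from pathlib import Path

# Standard sysfs location on Linux; each entry is a one-line status file.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# File names the kernel uses for the issues this article covers.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map a sysfs status line to one of four coarse states."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(base_dir=SYSFS_DIR, issues=ISSUES):
    """Return {issue: (state, raw_line)}; missing files are 'unreported'."""
    report = {}
    for name in issues:
        try:
            raw = (Path(base_dir) / name).read_text().strip()
        except OSError:
            # Kernel predates the reporting interface, or this is not Linux.
            report[name] = ("unreported", "")
            continue
        report[name] = (classify(raw), raw)
    return report


def needs_attention(report):
    """Issues that are not confirmed as mitigated or not affected."""
    return sorted(name for name, (state, _) in report.items()
                  if state not in ("mitigated", "not_affected"))


if __name__ == "__main__":
    result = read_status()
    for issue, (state, raw) in result.items():
        print(f"{issue:12} {state:12} {raw}")
    pending = needs_attention(result)
    print("needs attention:", ", ".join(pending) if pending else "none")
```

An "unreported" result means the kernel does not expose the status file, which on Linux usually indicates a kernel older than the fixes.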

Can we know if we were attacked?

Exploiting these flaws does not leave any traces in traditional log files (those containing system messages from the kernel, services, and applications).

Although detection by antivirus is possible in theory, it is not possible in practice. Unlike conventional malware, Meltdown and Spectre are difficult to distinguish from benign applications. However, your antivirus software can detect malware that uses these attacks by comparing binaries once that malware has been discovered.

So far, no information has been disclosed regarding the exploitation of these vulnerabilities by hackers.