Press enter or return to search.

News

Beware: Spectre and Meltdown

Pexels, CC0) Caption: These two vulnerabilities can leak information from almost any type of device.

Increasing worries about two aptly named vulnerabilities in hardware called Spectre and Meltdown are problematic because hackers can exploit them to gain private data from almost any type of device.

Spectre is a vulnerability in hardware that allows attackers to “trick” applications into accessing arbitrary locations in that application’s memory, by manipulating speculative execution, which is something processors do to predict what instructions they will receive. Simply put: attackers can obtain information from an application by looking at what it predicts to do next: accessing passwords from a browser’s cookies, for example.  Compared to Meltdown, it’s more complex and difficult to exploit,  thus, harder to defend against.

Meltdown is an exploit, like Spectre, but it’s a more direct susceptibility, Instead of tricking an app into obtaining information, attackers directly break the isolation between programs and the operating system, allowing a program to access the system’s memory. This is like “melting down” the protection between applications and the operating system, allowing hackers to obtain what they want.

These exploits can be used on most devices with a processor. This includes most laptops, desktops, phones, tablets, etc. Though that might sound scary, major operating systems like Windows, OSX, and Linux have already made patches to defend against these exploits. Though each update may slow down the device’s overall speed, security against Spectre and Meltdown are reassuring.

Author

Comments are closed.