Protect your machine from Meltdown and Spectre
The information technology security woke up to year 2018 with the discovery of Meltdown and Spectre. Meltdown and Spectre is a vulnerability that was discovered in the PC Intel and Qualcomm powered processors and Spectre on billions of devices running on ARM, AMD and Qualcomm processors.
In the wake of the festive holidays the potentially industry-shaking flaw in these chips was discovered by three researchers from Austria. Moritz Lipp, Daniel Gruss, and Michael Schwarz researchers from Graz’s University of Technology reported the flaw to Intel though a week later Intel informed the trio that actually they where the fourth to report the issue within the space of a month.
What is Meltdown and Spectre
Meltdown and Spectre have shown a terrific vulnerability that has shaken the industry. This pair of vulnerabilities broke basic security for practically all computers.
Meltdown is a flaw that could allow an attacker to read kernel memory – the protected core of an operating system. Meltdown affects Intel and Qualcomm processors and a type of ARM chip.
Spectre on the other end affect processors from Intel, ARM, AMD, and Qualcomm and is far more difficult to patch. What’s devastating is that Spectre affects the CPU directly. Spectre, would let attackers trick the processor into starting the speculative execution process.
‘Speculative execution is what make computer processes run faster. A chip will essentially guess what information the computer needs to perform its next function. As the chip guesses, that sensitive information is momentarily easier to access.’
In both Meltdown and Spectre attackers could see data that the processor temporarily makes available outside of the chip. Meltdown flaw makes use of the Operating System to sniff out the data and thats why its been easier to patch than Spectre that trick the processor into starting the speculative execution optmisation. Source CNET
How to Protect Your Machine
Updates have started to roll out but
‘It’s hard to tell who is the right person to resolve this and how soon can it be resolved.’ ARCHIE AGARWAL, THREATMODELER
Intel has started to work out some firmware patches and are now interacting with vendors like HP and Apple to see how to distribute the updates. Apple released three updates that make changes to iOS, macOS and Safari Itself.
Safari 11.0.2 update is meant for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 and it includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). iOS 11.2.2 is meant for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
On the Windows side patches are already out for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux. Though reportedly some AMD PC owners say the Windows 10 Update makes their machine crash and fail to boot.
As the tech companies and manufacturers roll out updates it will be wiser to take note and update appropriately. Check your browser version chrome, safari, firefox and so on and ensure they are up to date. If you are running vendor hardware for network and firewall see what your vendor guidance is.
In Zambia most vendor hardware is Cisco, Sophos UTM, HP and Linksys. See here for Cisco advisory and here for Sophos
Though no known attack through use of Meltdown and Spectre has been announced the flaw was spotted last year 2017.
But the issue and design flaw has existed perhaps for more than 20 years and that’s two decades of billions of devices affected. Now that the flaw has been announced publicly hackers will take advantage of the flaw. And for sure they will succeed because not all of us are keen to update our systems.