AstrotalkUK

Not for profit website/blog on astronomy, space and my writing

New Year and New Cyber Vulnerabilities – Spectre and Meltdown

By Gurbir. Dated: January 4, 2018

A new year and a new cyber threat. This time the vulnerabilities are baked into the design of the microprocessors delivering most of the IT services on the planet. Virtually all devices, independent of operating system or installed applications, could be affected. It is not just laptops and PCs but almost all devices, including tablets, smartphones and virtual servers, and the impact extends to all vendors, including Microsoft, Google, Amazon and Apple.

The vulnerabilities come from serious security flaws in “speculative execution”, a technique that enhances the performance of modern processors made by Intel, AMD and ARM. The vulnerabilities, with their snazzy names Meltdown and Spectre, were discovered and reported to microprocessor manufacturers in June 2017 by Google’s Project Zero team, along with two papers (Spectre and Meltdown) published by independent researchers around the same time. The difference between Spectre and Meltdown is summarised by https://meltdownattack.com/ as:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”

Spectre is not easy to exploit but has no fix. Meltdown is arguably the more critical of the two because it can be exploited in the Cloud Computing environment. Over the last decade, Cloud Computing services have blossomed and now deliver most of the popular applications used by online consumers, governments and industry. Multi-tenanting is the mechanism by which cloud service providers share computer resources (including processor, memory and storage) between multiple customers whilst ensuring secure segregation between them. Meltdown has the potential to undermine this fundamental principle of user segregation in a cloud-based service. Attackers in one cloud-based tenant can exploit Meltdown to access and download data (at 503 KB/s) from a neighbouring tenant that they are not authorised to access.

The flaws were due to be publicised next week, but some news agencies, including The Register, published on Monday 2nd January. The vulnerabilities are not easy to exploit and, according to the NCSC, no exploits have yet been reported, but eventually the cost of the fix will be humongous. The proposed software fixes reduce CPU processing performance by around 20% to 30%. Commercially, that may be too high a price to pay. At present, the ultimate fix appears to be a hardware one.
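To see whether the software fixes are in place on a given Linux machine, the kernel's own status report can be read. This is an added example, not part of the original post: Linux kernels that carry the mitigation patches expose one status file per issue under /sys/devices/system/cpu/vulnerabilities, and the function names `classify_status` and `check_cpu_vulns` are made up for this illustration.

```shell
#!/bin/sh
# Added example: summarise the kernel's Meltdown/Spectre status report.
# Kernels with the mitigation patches expose one file per issue in
# /sys/devices/system/cpu/vulnerabilities; older kernels lack the directory.
# Usage: check_cpu_vulns        (no argument reads the live kernel report)

# classify_status LINE -> prints not_affected, mitigated, vulnerable or unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR] -> prints "name<TAB>class<TAB>kernel text" per issue.
# Returns 0 when every issue is mitigated or not applicable,
#         1 when any issue is vulnerable or has no readable entry,
#         2 when the kernel provides no report at all.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no report: kernel predates the status interface" >&2
        return 2
    fi
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        line=""
        if [ -r "$dir/$name" ]; then
            # read fails on a file without a trailing newline but still fills $line
            IFS= read -r line < "$dir/$name" || :
        fi
        class=$(classify_status "$line")
        printf '%s\t%s\t%s\n' "$name" "$class" "${line:-(no entry)}"
        case "$class" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}
```

A return code of 2 means the kernel is too old to report anything, which should be treated as unpatched until proven otherwise.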


Filed Under: Cloud Computing, cyber, infosec Tagged With: cyber, Infosec

Copyright © 2008–2023 Gurbir Singh - AstrotalkUK Publications