The most talked about hardware issue in the news right now is the “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) exploits. Nearly all the computers around the world are affected by one or both bugs. All the big-name software and hardware vendors such as Microsoft, Apple, and Google have been hard at work crafting a fix for this potentially damaging issue. Some patches are available while others are on the way.
Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory. Spectre steals data from the memory of other applications running on a machine. Meltdown is said to be limited to Intel, but Spectre has been exploited on ARM and AMD as well.
While programs typically aren’t permitted to read data from other programs, malicious programs could exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, which include your passwords stored in a password manager or your browser, personal photos, emails, instant messages and even business-critical documents.
Meltdown breaks down the most basic of walls between user apps and the operating system. It allows a program to access the memory of other programs and take its secrets. Spectre breaks the isolation between apps, allowing hackers to unexploited apps into leaking information.
What Happens to Your Data
When modern Intel processors execute code, the code reaches a pre-programmed point in the algorithm. Instructions branch out into two different directions, saving time by “speculatively” venturing down these forks. So, in other words, they take a guess and execute instructions to get a head start. If the processor learns that it went down the wrong path, it jumps back to the fork in the road and throws out the speculative work.
A hacker could trick a processor into letting their unprivileged code sneak into the kernel’s memory by using speculative execution. When the processor throws out the temporary data, it jumps back to the fork. Making data retrieval difficult. It does temporarily store this information in the computer’s cache. With some clever code and patience, a hacker could easily find and steal the data in the cache, giving them access to personal information, passwords, and more.
While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.
As an MSP or IT Services firm, how do you handle the inevitable influx of customers calling with concerns that their systems may be vulnerable? Techies like us understand how this works and how to avoid falling prey to a scammer looking to exploit this vulnerability. But what about the average business owner? Some things to keep in mind are:
Because the affected system needs malware running to use the exploit, there is still time to retrain customers on proper cybersecurity and training on how to spot phishing scams. This issue of Meltdown and Spectre potentially will be around for a while.