by Andrew Witchger
While it might sound like the James Bond franchise just released a new movie, Meltdown and Spectre are the names given to two newly discovered methods to exploit critical vulnerabilities found in nearly every processor in circulation today. While major hacks in 2017, such as WannaCry, NotPetya, Bad Rabbit, targeted security loopholes in the software running on a machine, Meltdown and Spectre target vulnerabilities in the kernel, which communicates directly between the hardware components of your devices.
The attacks for Meltdown and Spectre are implemented differently, but both have the same result: the ability to steal data from your devices. Each program running on your commuter or phone has a portion of memory dedicated to it’s own use. Also, each application is restricted to only accesses approved areas of memory. These restrictions are what allow you to safely access your bank’s website in one window while checking your email in the other, and your email program cannot access the bank password from the memory the website is using. Meltdown works by breaking down the security restrictions meant keep all programs in their allocated memory. On the other hand, Spectre achieves the same goal by tricking other applications into accessing memory that should be off-limits.
When the hack was first found in mid-2017 by researchers, they appropriately informed all the CPU manufacturers, and waited to publish their findings until software patches had been released to the public. Therefore, now that the attack is public knowledge it is more important than ever to ensure that all of your devices are updated to the latest version. Remember, the hack directly affects every cell phone, computer, server, router, and any device that uses a modern CPU. So don’t forget to tell your friends, and update Alexa!
How It Works in 3 Minutes
Meltdown in Action