Own a fast computer ? Spectre and Meltdown got you(almost)!
Yes, Spectre and Meltdown are two cool movies; what does it have to do with computers and smartphones ?
Before we look at them further; lets look a computers and smartphones with regards to the evolution in their performance.
There has been a phenomenal growth in the performance of computers over the last decade. Every new iteration of smartphone and computer became significantly faster than the previous one, in the last decade or so.
One reason why these systems became faster is because of the ever evolving architecture of the hardware inside them. Every year Companies like Intel, AMD, Apple and Samsung release new microprocessor and SOCs for their personal computers and mobile phones; these are based on the latest and the most efficient architecture(The architecture dictates how the chip should process the data available to it) licensed from ARM and and a few other chip designers.
Since almost all the chips that power our devices use similar underlying mechanisms to execute the tasks, all our devices have reached a notch higher in performance with the evolution of the architecture.
The main jump in the speed of computing because of a clever feature built into the system architecture. This feature is named “Speculative execution”.
I will explain this using a small anecdote from my childhood.
I spent most of my childhood in Dubai. Every weekend, my parents along with me went to the same restaurant. I ordered my barbecued chicken every time I went there. Over time I became acquainted with the person who took my orders. Now, whenever I go there; he does not give me the menu card. He smiles at me and tells me that my barbecued chicken is ready and will be served to me. He speculated that I would always order barbecue and kept it ready for me before even I was there at the restaurant.
These days a processor is able to speculate what you are going to do next with your device. It guesses what your next click is going to be and keeps those sets of tasks ready. so if you chose to do one of the tasks the CPU predicted, then the output is in front of you without any delay; also, the other tasks in the speculated list are discarded. This is called “Speculative execution”. Some of these speculated tasks may contain your personal data like login credentials etc.
This intentionally made feature not only made our systems dramatically faster, but also made our systems vulnerable to Spectre and Meltdown attacks.
Why are these vulnerabilities named Spectre and Meltdown?
According to researchers meltdown “basically melts security boundaries which are normally enforced by the hardware.” Spectre, meanwhile, “breaks the isolation between different applications” allowing “an attacker to trick error-free programs, which follow best practices, into leaking their secrets.”
These vulnerabilities are able to exploit the feature of “speculative execution” to gather personal information of the user without raising any suspicion.
All most every computer and smartphone you own are vulnerable, be it from Apple, Google, HP, Lenovo, Intel, AMD etc; unless you have installed patches.
They will remain so unless these OEM’s (Original Equipment Manufactures) provide patches to fix the issue.
This vulnerability is not limited to the personal computers we use. The servers and the computers that host the cloud network( AWS, Google etc) are also vulnerable. This makes many websites, the services that depend on the cloud vulnerable too.
The good news is that the vulnerability is being patched as you are reading this article. By the end of this month, most of the services will be completely patched.
But patching the personal devices remain a challenge because of the large varieties of devices that exist. This fragmentation makes it difficult for the OEMS to issue patches; it is going to be a lot of time till the majority of devices are patched.
How can we stay safe till then ?
- Update your OS as soon as an update is available.
- Update your software promptly.
- Always download apps from trusted stores of the operating system.
- Avoid clicking on malicious links sent though e-mails.
