Meltdown and Spectre: What Do They Hide About Vulnerabilities?

Experts on processor security, including one referred to in the Meltdown paper, are reported to disagree on whether fixing the Spectre vulnerability requires modifications to the hardware or whether software updates can resolve the issue.

According to experts, the Meltdown vulnerability could become the focus of future attacks that target processor functions, even on idle systems.

"The Spectre and Meltdown theory is difficult to understand," said Anders Fogh, a security researcher at G-Data and an expert in processor security. "If it was used in the past, it would only be in advanced attacks. But now that the research has been released, it is very likely that we will see Meltdown-based malware attacks relatively quickly."

Meltdown – like the – is a flaw that allows information disclosure, but on its own it is not suitable for remote execution. The researchers' concern is therefore about future attacks that combine it with other malware and aim to steal passwords and cryptographic credentials from unpatched systems.

Meltdown is easy to exploit, but it is also relatively easy to fix, while with Spectre things are difficult by all accounts. Daniel Genkin, a postdoctoral fellow at the University of Pennsylvania and the University of Maryland, told the Register, which revealed the vulnerabilities, that an ongoing fix for Spectre would require a redesign of the hardware.

Anders Fogh of G-Data disputed Genkin's view, telling the Register that the patches already released increase the difficulty of such a s.

"Withdrawal of processors is not possible anyway," he said. "The next step is to convince our customers to install them."

By Fogh's logic, however, those who have the necessary knowledge (see intelligence services) could work out how to exploit the vulnerability.

On the other hand, Werner Haas, a representative of Cyberus Technology and a member of one of the three independent teams that discovered and reported Meltdown, said that achieving comprehensive protection against Spectre is very simple and may involve an "ongoing process" with software fixes and hardware modifications.

"The Spectre scenario is not that simple, as cross-application attacks are unlikely without even OS participation," said Haas.

"Therefore, a general solution like Meltdown seems unlikely. Therefore, I expect combined repairs to hardware/software defects along with the warning that the fight against Spectre will be an ongoing process."

It is worth mentioning that immediately after the vulnerabilities were announced, CERT stated that the only way to fix Meltdown and Spectre was to replace the CPU.

"The underlying vulnerability is mainly driven by CPU architecture design choices," CERT researchers wrote. "The complete removal of the vulnerability requires the replacement of the vulnerable CPU."

A little later, and without our knowing who was playing under the table, CERT retracted this, and Intel representative Agnes Kwan said: "CERT updated the vulnerability note to correct some inaccuracies."

Of course, we wouldn't expect Intel to say otherwise, since admitting the CERT report would cause major upheaval in the , with the corresponding financial cost.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
