Technology

Meltdown and Spectre explained

more-in

If you own a modern computing device, chances are you’re affected by the Meltdown or Spectre bug. Here’s what you need to know

Amid all the celebration that rung in the new year, the Internet has also been flooded by an ominous slew of articles on the Meltdown and Spectre processor exploits. Unlike the occasional scare that affects only certain devices running specific hardware or software, and is usually easily fixed, these two likely impact pretty much anyone whose device uses an Intel processor (and in the case of Spectre, AMD and ARM processors as well).

A quick overview

The vulnerabilities were made public on January 3 by Jann Horn of Google Project Zero and independently by other teams and individuals. They are similar in the sense that they exploit flaws in CPU architecture dating back decades to extract user information both from local applications on a device or, in the case of Spectre, from websites through a web browser.

 

Essentially, Meltdown exploits hardware vulnerabilities by accessing data that processors pre-fetch in an attempt to speed up their working, but fail to completely delete from their caches afterwards. This issue affects Intel processors released as early as the mid 90s, but is being mitigated through patches released by Intel and other manufacturers, who use the company’s chips in their products.

Meltdown and Spectre explained
 

Spectre, on the other hand, affects more devices, and its ability to exploit software applications previously thought to have been made with no vulnerabilities makes it harder to counter, hence the name, as it will ‘haunt’ us for a while. The exploit can be leveraged through Javascript to steal data from browsers, and this feature makes it difficult to identify what form a hack can take.

What you can do

As a user, not much. The tech industry as a whole is aware of the issue and Meltdown patches are already being issued, so the best option is to download and install all driver and operating system updates released by the respective vendors. As for Spectre, companies like Google have issued a list of their services and their current safety levels, which also highlight recommended actions for users, one of which involves enabling ‘site isolation’ on Google Chrome to help stop Spectre attacks. This feature works for Chrome on Android as well, though Google warns it may lead to ‘performance issues’.

Since no known attacks have happened yet, anti-virus software are still in the dark, but it is likely that as soon as something is spotted, they will update detection parameters, so keep an eye out for updates from your anti-virus provider. On Android, ensure your device is updated to the latest security patch issued by the device manufacturer.

For more detailed information about your systems’ vulnerabilities and answers to frequently-asked questions, visit www.meltdownattack.com.

Why you should pay for quality journalism - Click to know more

Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | Jan 20, 2020 11:28:49 PM | https://www.thehindu.com/sci-tech/technology/meltdown-and-spectre-bugs-explained/article22443969.ece

Next Story