During 2017, the security industry had something of a rude awakening with regards to cyber security. The current CPU vulnerabilities will present new problems for security systems. The recently-reported Meltdown and Spectre vulnerabilities are different to typical cyber security threats. When cyber security vulnerabilities are discovered, they’re rarely revealed to the outside world before a full solution has been implemented.
There’s a general agreement between companies and researchers that allows vulnerabilities to be addressed prior to disclosure. Typically, this approach works well and allows the company in question to roll out a fix, often without the end user knowing it has happened.
In the case of Meltdown and Spectre, this hasn’t happened, predominantly because the CPU-based flaws were discovered by multiple parties simultaneously.
A huge number of technology-based manufacturers make use of the affected processing chipsets. From PCs and servers to tablets and mobile phones, in the cloud and across intelligent infrastructure, through to smart systems in cars and household appliances, the chips are widely used by numerous manufacturers. They will also have been used in many security devices and systems in recent years.
Meltdown is believed to affect many Intel chips manufactured since 1995. The flaw means that applications can effectively steal data from the CPU core. Spectre is reported to affect all modern chips including those from Intel, AMD and ARM. It allows applications to be ‘tricked’ into passing on secure data.