Interesting and Very Dangerous Flaws in Almost All CPUs

A well-used feature in almost every processor can expose your private info


Tech | Jan. 5, 2018


Oddly enough, this affects pretty much every current computer on the planet. Luckily it's patched. Let us get right into it, shall we?

There are two exploits that your laptop, desktop, phone, tablet, and even your smart fridge and TVs can be vulnerable to, and both can leak sensitive information (obviously, your smart fridge leaking the fact that you are running short on milk is not exactly sensitive, but you get the idea).

The first one is Meltdown (CVE-2017-5754), which targets processors that use a technique called "speculative execution", which is pretty much every CPU on the planet at this point. The gist of it is that processors will sometimes guess information in an effort to speed up execution time, verifying later that the guess was correct. When you are processing any info, these guesses can be set aside in a vulnerable place in memory. Say you are filling out a form for a credit card application. The processor has to process your keystrokes, which is not a big deal, but this is one of those times where speculative execution comes in handy: it can guess with a great deal of certainty that when you press the key for the letter "R", that is going to be true, so it passes that info through the CPU and holds it in a place in memory where this exploit has been used to gather it. So whatever you typed that ran through speculative execution can be accessed (unfortunately, with relative ease. I have seen a few examples that use 6-7 lines of JavaScript to grab the data).

The second is Spectre (CVE-2017-5753, CVE-2017-5715), which essentially does the exact same thing, so for brevity I won't explain those. 

These were discovered by the amazing team at Google's Project Zero. Fortunately, these have all been patched against, and those updates are available for all major operating systems (Linux, macOS, Windows, Android, iOS, etc.). For information on patching your system, feel free to check out this article from thehackernews.com. If you are into the security industry and aren't following them currently, I highly recommend it.
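To confirm that the updates mentioned above actually took effect on a Linux machine, the kernel's own status report can be read back. This script is an added example, not part of the original post; it assumes a Linux kernel recent enough (4.15 or later) to expose status files under `/sys/devices/system/cpu/vulnerabilities`, and the function names and the `VULN_DIR` override are made up for the illustration.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on Linux.
# The kernel writes one status line per issue into this directory.
# VULN_DIR is an illustrative override so the script can be pointed elsewhere.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_issue NAME -> classification of one status file
check_issue() {
    f="$VULN_DIR/$1"
    if [ -r "$f" ]; then
        classify_status "$(cat "$f")"
    else
        echo unknown   # no file: kernel too old to report, or not Linux
    fi
}

# report -> one line per CVE named in the article;
# returns 1 if any entry is vulnerable or cannot be determined
report() {
    rc=0
    for pair in "meltdown:CVE-2017-5754" "spectre_v1:CVE-2017-5753" "spectre_v2:CVE-2017-5715"; do
        name=${pair%%:*}
        cve=${pair#*:}
        state=$(check_issue "$name")
        printf '%-11s %-14s %s\n' "$name" "$cve" "$state"
        case "$state" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

report || echo "At least one issue is not confirmed mitigated: install pending updates."
```

An `unknown` result on Linux usually means the running kernel predates the status files, which itself indicates the system has not been updated.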

UPDATE: Here is a link to a YouTube video that better explains it (courtesy of @Computerphile):

https://youtu.be/I5mRwzVvFGE

Now stop reading this and go patch your system! 

ABOUT ME



Hi! I am Ronin Dusette. I have many passions: photography, technology, music, travel, martial arts, gaming, cooking... Just whatever tickles my fancy. When I am out on adventures, I have things I would like to share, which is why I created this blog. Everything from visual art, cooking and tech tips to pretty much anything else I can think of to write will be verbally and visually painted here on this canvas. I hope you enjoy following me on my journey through life. Engage in conversations with me, ask questions, share your thoughts and art. I hope you enjoy what you see here. Thanks for visiting!

