A meltdown for CPU manufacturers

Since Christmas there’s no argument about what the biggest story in tech has been. Two serious security vulnerabilities were found that affected the vast majority of CPUs in the market today. “Spectre” affected chips made by Intel, AMD and ARM, and Meltdown affected mainly Intel-made chips, with one or more ARM designs also being affected.

When the story broke, it became apparent that the chip companies already knew about the issues and were working with partners in a race against time to develop a fix before the news got out to the general public. Patches did become available to block the vulnerabilities in the affected chips, but at the cost of performance issues for the CPUs. These performance issues became more extreme with the age of the processor, with the latest Intel CPUs barely suffering any slow down and the oldest running up to 30% slower. In the latest round of patches, Intel claims that customers with Skylake generation CPUs or later processors running Windows 10 should not notice any difference in performance.

With the Meltdown vulnerability, instructions were allowed to access and read the kernel memory of the chip – even instructions that were from an application with severely restricted access. The Kernel memory is where the most highly guarded data is kept, in what was thought to be a secure area. It meant that normal instructions could read crypto keys, passwords and other important information. While being a nuisance for normal users, the vulnerability was much more damaging for server farms or other areas where virtual machines are in use, as the vulnerability meant that instructions on one virtual server could read information for all other virtual machines on the same physical server.

Security is one of the main focuses for the whole industry at the moment, especially with the emergence of the IoT, where the amount of important information being transmitted has exploded. Developers of autonomous vehicles are also looking for security solutions to protect vehicles from being hacked while on the move. The news of such huge security flaws from giants of the industry will definitely give them and their backers cause for concern.

So far it looks like even though the flaws were wide open and have been for a considerable time, nobody has taken advantage of them. It is important that everyone should download the latest patches for computers, phones and other electronic devices. For anyone that needs more information on the vulnerabilities, Intel has released a white paper that can be found here https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf.

PSD