Latest Blogs

CPU main image

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Independently two vulnerabilities of the design of modern CPU chips has become public knowledge. The two attacks are called,

Meltdown - which melts the security protection that prevents user applications from accessing the system kernel memory

Spectre - which is a flaw in the speculative execution used in many modern CPUs where one application tricks another into accessing arbitrary locations in their memory

Both attacks expose a flaw in the hardware architectural design by using side channel attacks to obtain information from the accessed memory locations. In the case of Spectre notice that Paul Kocher the pioneering side channel attack agent from the 90's was involved along with other collaborators.

As always there are two questions, is it true and does it matter? Well it's certainly true and the scientists involved have reported the attacks in detail through the papers referenced below. Does it matter, yes, it does but that doesn't mean that anything untoward is about to happen on your computer or phone. In the first place you would need to install the associated malware on your device but of course the hackers are now totally alerted to the vulnerability. If you are operating in an absolute virtual machine environment then that will already protect the user application space from the system kernel memory space. However, typical systems are vulnerable and the core operating system developers are creating patches that will mitigate  against these vulnerabilities. It's really all about performance, modern chips do lots of things in advance not knowing whether the anticipated path will end up being followed. This leaves a trail that the hacker in this case has been able to expose.

I have a stronger view which is that it is impossible to perfectly protect any computing system from attack if its operation can be changed, i.e. any programmable device.

Dr David Everett




Founded in 1983

Microexpert has been at the forefront of cryptographic design and development since 1983, having grown organically over the last 30+ years we have consistently supported the industry in delivering the highest quality, and through continuous training and development shaped our team to deliver the best service to our clients.

©2020 Microexpert. Registered number 01755695.