AMD, ARM and Intel CPUs vulnerable to attack
Various reports in the press contend that hackers are now able to exploit these vulnerabilities in CPUs from Intel, AMD and ARM to read information in system memory including passwords and encryption keys. Many reports also claim that patches to resolve these issues could slow CPU capabilities by 5 to 30 percent. Such a slowdown would be a particular issue with cloud and network performance that rely on high-performance CPUs.
According to the Google Security Blog, “Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.”
As soon as Google discovered these vulnerabilities they took steps to mitigate the damage that hackers could inflict on their systems and user data. The company has also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader internet.
See also: Top five cybersecurity challenges for 2018
See also: Protecting IoT devices from cyberattacks: A critical missing piece
Intel have said they are working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Intel also claim that contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Meltdown and Spectre
Speculative execution is an optimization technique that carries out a task before it is needed. The technique aims to anticipate the task before it is known to be needed and executes it in advance to avoid delays such a task might incur.
The vulnerabilities that can be exploited when implementing speculative execution are called Meltdown (Intel) and Spectre (AMD, ARM, Intel), and their details have been published by a variety of sources.
Meltdown allows a program to access the memory of other programs and the operating system – compromising the isolation between applications and the operating system.
Spectre compromises the isolation between different applications – enabling an attacker to access information across applications.
A detailed description can be found at: https://spectreattack.com
See also: New concept in computer systems promises to kill cyber crime
See also: SecureRF demonstrates future-proof security for the IoT
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
