Spectre and the Meltdown Story; why it’s Important to your Firm

January 10, 2018

Daniel Gruss, a 31 year old information security researcher in Frankfurt clearly didn’t get much sleep after he found out he was able to hack his own computer, finding an imperfection in chips made by Intel Corp stemming back over two decades.

Daniel was able to breach the core of his CPU and steal vital information. Prior to this situation, it’s only been thought theoretically possible to access this portion of a CPU. Personal data stored here should not be easily accessed, and when Gruss watched his tool uncover extremely personal information, it was nothing short of shocking.

Gruss and his two coworkers were all working from home on this December weekend, furiously messaging each other trying to rule out any other possibility other than there is a major flaw in two decades worth of Intel chips. “Meltdown,” the flaw’s official name, has been dubbed as one of the worst CPU bugs ever found.

Along with “Meltdown,” one other issue was uncovered that it too can access vital information that should not be exposed. The second issue is named “Spectre,” which affects chips in computers and mobile devices made by Intel, Advanced Micro Devices, and ARM Holdings.

In layman’s terms, these two breaches allow hackers to access secret passwords, pins, and all photos from computers, laptops, and mobile devices. Currently, Intel and Microsoft are working on a fix for these issues.

Gruss and his team are working diligently on a fix, calling it the Kernel Address Isolation to have Side-channels Effectively Removed, or KAISER. KAISER is out to prevent all side-channel hacks and preserve all personal data.

 

A Fix in the Making

Gruss got in touch with Jann Horn from Google, and Paul Kocher from Cyberus Technology, who were each working on their own fix to patch Meltdown and Spectre. The immediate concern is Meltdown right now, which Microsoft is releasing a fix soon. Spectre is much more difficult to exploit and accomplish, so as soon as Meltdown is successfully taken care of Spectre will be addressed.