Yes, you heard me right. Recently, a team of researchers discovered two issues with the core architecture of the computer processor chips, one is Meltdown and the other one is named as Spectre(this one cannot be fixed). These two bugs affect practically every computing device, which includes Mobile phones, Computer/Laptops, and Cloud services.
What are these bugs?
In simple terms, these are two bugs/issues found at the most fundamental level of computer architecture, which allows any user application to access all the information stored on the computer.
In a computer information related to the different application, software etc are stored separately and only that particular application or software is allowed to access it, this includes critical operating system data as well. But Meltdown vulnerability breaks down this most basic isolation(wall) between a user application and operating system, hence allowing any user program to access all the data without any restriction, thereby revealing all the secrets of other software and applications.
Spectre vulnerability is a little different from Meltdown.
Spectre breaks the isolation(wall) between different applications, allowing application A to trick application B to share its data with A. It is found that if the application B follows all the security checks currently popular, it will only increase the chances of Spectre attack. But to our relief, it is very difficult to initiate a Spectre attack, but if launched, there is currently no way to safeguard World computing devices from it.
Is there a Fix?
No, there is no fix for Spectre, you heard me right, while all the Operating System companies are rolling out software patches for Meltdown, Spectre cannot be fixed without making hardware changes at the chip level.
Also the fix which are being rolled out, will slow down the computing devices by about 30%, which is a huge setback in terms of computing speed.
Today Apple announced, that all the Apple devices are affected by these bugs.
Microsoft has already started rolling out Software patches for their Windows operating system.
As Meltdown vulnerability is said to be more dangerous for Cloud computing services like Amazon Web Services, Microsoft Azure etc, hence these companies are also working towards a fix.
Amazon announced in a company press release that these issues have been around for the last 20 years, still, no one knew or exploited them because it's very hard for someone to exploit these backdoors.
What actually happened? Timeline of events
Google researchers discovered a few vulnerabilities in semiconductors in June and reported them to chip maker companies Intel, AMD etc. Intel, AMD and all other chipmakers accepted that their chips were affected by these issues. Thereafter, the researchers started working with these companies to fix the issue. All the major operating system companies were informed and were asked to work on software patches to fix the issue before making any public announcement.
All the major companies were supposed to release a coordinated press release next week, which is the second week of January, but The Register posted about it today and Michael Schwarz tweeted a video to use the Meltdown exploit. You can check all the details including the White papers on these issues on meltdownattack.com website.
Who is affected the most?
Did I not mention, every computing device is affected by this. Although if we want to talk about someone who is most affected, it is the market leading chip maker Intel. Intel chips, including other chipsets, are prone to these bugs. And as these bugs are found at the core microprocessor level, hence who is to blame? Yes, the chip makers.
Intel's share value is down, it is even reported that Intel's CEO sold the majority of his share when the news of these issues broke out.
How can you safeguard your data?
As of now, avoid visiting malicious websites, and do not download or install any 3rd party software or application that you do not trust.
Keep a close eye on the software updates (operating system) and install it as soon as you get one because all the companies like Microsoft, Android(Google), Apple are releasing software patched to fix Meltdown issue.
What if Intel knew about this since the beginning?
Then it will be the biggest scam of all time. All the computers in this world are affected by this, do you even understand what this means. We all know how dependent we are on our computers. I am writing this post using my Laptop. This is the biggest Christmas gift for Hackers.
Be safe, and keep your Computer safe.