The Most Serious Hardware Security Vulnerabilities In The History
You might be a curious to know what is really happened in Intel AMD Processors?
Google researchers published a study entitled “Reading privileged memory with a side-channel” in which they describe the hardware vulnerability they found, which affects almost all modern and outdated processors, regardless of the operating system. Strictly speaking, there are two vulnerabilities. Many Intel processors are affected by one (they were investigated). AMD with the ARM is also vulnerable, but the attack is more difficult to implement.
The attack allows you to access protected memory from code that does not have the appropriate rights.
Perhaps the most likely and unpleasant application at the moment is getting a system memory dump during JavaScript execution.
Another interesting option is the escalation of the rights of reading memory from a virtual machine. How do you get a VPS that steals data from other host machines?
The exploitation of the vulnerability leaves no traces.
How serious is this?
It is very serious. The world will be divided into “before” and “after”. Even if you do not have a computer at all, some of the consequences indirectly can catch up with you offline.
How to defend yourself?
Install the latest system and browser updates. If you are not sure that the hole is exactly closed and your system is absolutely safe, it’s better to turn off JavaScript even when visiting secure sites – they can be compromised. Some experts believe that software cannot be completely secured and the only way to solve the problem is to replace the processor with an option asbestos that is certainly safe.
Is that all?
Not all. Judging by the tests, patches will greatly affect the performance of existing systems. Tests show a drop of 10-30% in some tasks. Yes, yes, you all correctly understood, your poppy can become forever slower, and AWS is much more expensive.
Additional information
- The original Google Project Zero study
- Description of the attack Meltdown
- Description of the Specter attack
- ARM Comments
- Comments from AMD
- Google Comments
- Comments on Chromium
- Android Updates
- Emergency patch for Windows 10