To start the New Year, two major new hardware exploits have been publicized. And people are going nuts.
Since the news of these exploits has come out, AMD stock has skyrocketed while Intel’s has dipped significantly. PC hardware enthusiasts everywhere are running around screaming, and if you aren’t hyper-tuned into the world of hardware you may not understand why. Let us break it down for you.
What’s happening?
Two new hardware-based exploits have been publicized: Meltdown and Spectre. While both issues can be mitigated, it may be impossible to fix them outright without fundamental changes in hardware architecture from manufacturers.
What is Meltdown?
Meltdown is an attack that accesses active system memory and can gain access to the kernel. This allows Meltdown to spy on all of your programs and your entire operating system, regardless of how well-secured your programs are. This is primarily an issue for Intel CPUs, especially those manufactured in the past decade. Any recent Intel CPU is vulnerable to this exploit, as are some ARM CPUs (common in smartphones).
What is Spectre?
Spectre shares similarities to Meltdown, but is much more sophisticated and wide-reaching. Essentially, Spectre can attack pretty much every modern CPU, regardless of architecture or manufacture. Somewhat fortunately, execution of Spectre is more difficult than that of Meltdown…but also much, much harder to mitigate.
What can I do?
Short answer? Update everything as quickly as possible. Your operating system, your BIOS, your drivers, your browsers. Fundamentally, these are hardware exploits, and right now almost all smart devices and PCs are vulnerable. Software patches can alleviate this, though, especially in Meltdown’s case.
In the case of Meltdown, there’s already been plenty of progress made on software patches to protect against it. Meltdown is also an exclusively local attack, which requires direct access to the machine in question. Spectre attacks have been demonstrated in JavaScript, however, which means it can be executed over a web browser.
The No-Win Aspect
Even with the best possible software patches, users are going to suffer here. Because of the nature of these attacks, any fixes will come with a performance downside. This can be as minor as 3% or as major as 30%, depending on the age of your hardware, its power, the fix being used…etc. Fixing these problems without hurting performance is impossible.
Stay tuned to VR World for updates as this story progresses, and comment below if you need assistance.
