Intel CPU bugs scandal : Meltdown and Spectre

in #news7 years ago (edited)

You might have heard recently about the big scandal related to bugs in Intel CPU. The enormous majority of CPU built by the company have two major design flaws giving the opportunity for severe hacking. If you own an Intel chip, you are more likely impacted by this story. Moreover, exploits for these bugs are still not recognized by antivirus softwares.

Meltdown and Spectre are two physical design flaws existing in the circuits of Intel CPU chips, and they cannot be fixed on the hardware.

Meltdown

This first bug breaks the isolation between user applications and the operating system, meaning that a malicious application can have access to all the data stored in the computer. Passwords stored in a password manager (reputed to be safer than retyping your password every time), personal documents, professional sensitive information, anything stored in the computer is accessible.

Meltdown has been reported by three different teams independently :

  • Jann Horn (Google Project Zero)
  • Werner Haas, Thomas Prescher (Cyberus Technology)
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)

Spectre

This second bug breaks the isolation between different applications allowing an attacker to trick programs into leaking their data. In this case, the abuse is a bit more complicated but still doable. The result is the same, someone can maliciously access your personal data.

Spectre has been reported by two different teams independently :

  • Jann Horn (Google Project Zero)
  • Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)

Why a scandal ?

The scandal does not come from the fact that design flaws have been discovered (we always discover security issues along the way, it is part of life), it comes from the fact that fixes imply reducing the speed of your CPU by 5 to 30% depending on the applications you are running. These physical design flaws can be fixed in the software but at an enormous cost for performance. The other reason for a scandal is that Intel CEO sold all the shares he could few weeks ago... You can see here how Intel shares went down recently.

AMD and Intel are competing since a long time and 5% of performance difference will make people go for one or the other. AMD chips are not affected by the Meltdown bug but we still do not know about Spectre.

Sort:  

Congratulations @kevinbouge! You received a personal award!

1 Year on Steemit

Click here to view your Board

Support SteemitBoard's project! Vote for its witness and get one more award!

Congratulations @kevinbouge! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!