keycomm

3 / 39 Campbell St 4066 Toowong, QLD
Phone: 1300 662 209

Understanding Meltdown and Spectre:

Meltdown and Spectre exploit critical memory disclosure vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is processed and held in memory and registers. This could allow attackers to steal passwords stored in a password manager or browser, personal photos, emails, messages and documents. Though programs typically are not permitted by the computer to read data from other programs, meltdown and spectre get around this fairly creatively.


Programs leveraging Meltdown or Spectre can use features of modern processors called 'out-of-order execution' and 'speculative execution' respectively, in order to do this. Both out-of-order execution and speculative execution are described as 'indispensable performance features' of modern processors with the unfortunate side effect of disclosing memory of one program to another, speculative execution basically refers to processors use of time otherwise spent idling to 'guess' their next execution state as determined by the program code. Out-of-order execution basically allows a processor to execute instructions as soon as input data and instructions are available, once again making use of time otherwise spent idle.


What can be done? Whilst this is a hardware problem, it can be mitigated with a Software Patch for most operating systems. This mitigates the threat of Meltdown, however Spectre is likely to be a more pervasive and long term problem. Thankfully, due to it's intricacy, it is far more difficult for criminals to target with attacks.


Further Reading


To read further, follow these links to articles on Spectre and Meltdown.

Information being extracted from a password manager

Information being extracted from a password manager

Information being dumped from memory (With Meltdown).

Information being dumped from memory (With Meltdown).