Last year Google Project Zero team discovered some serious security glitch caused by a technique Speculative Execution which is a technique used by major processor companies to optimize the performance.

This technique performs some task that may not be actually needed in other words simply it guesses what instructions or work direction might logically be coming next to speed up the execution process or any assumption that might be not true and this capability is vulnerable to hackers who could access stored encryption keys and passwords.

According to google all companies like AMD, Intel and ARM along with the operating systems running on them.As soon as this flaw came into the picture Google team began to protect their Google services.

When it comes to vulnerabilities there are two sequences: Meltdown and Spectre

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre

They tend to affect nearly every device made in the past 20 years, the vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel.

Source

Intel said that these vulnerabilities are not unique to only ourselves instead other vendors of processors are also susceptible to these issues.

Jann Horn, a Google official posted an article and said “Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD, and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD, and ARM on 2017-06-01″

Link to the article – Jann Horn.

AMD says its processor is not affected by these vulnerabilities but Google has a different view as their Google researchers say they’ve demonstrated a successful attack on AMD’s FX and PRO CPUs. The ARM has also confirmed that its Cortex-A processors are vulnerable.

Sources – 1,2.

Leave a Reply