Meltdown and Spectre: Security Flaws Put Your Technology at Risk

University at Albany Headlines

IT and security professionals are grappling with two vulnerabilities — Meltdown and Spectre — found in the hardware design of nearly every CPU running in computers today. (Graz University of Technology)

ALBANY, N.Y. (January 8, 2018) — Meltdown and Spectre are the names given to two vulnerabilities that are embedded in the hardware design of just about every Central Processing Unit (CPU) running in computers today. These design flaws have existed for many years, but were only recently discovered and publicly disclosed.

According to the New York Times, these flaws can potentially provide hackers with the means to lift passwords, photos and virtually any kind of data from any device that uses CPUs, including smartphones and iPads, as well as the hardware that powers cloud computing services.

The University at Albany’s Chief Information Security Officer, Martin Manjak, offered this overview of how these flaws operate, and what can be done to protect your data.

Q: How do these security flaws work?

A: Meltdown removes the isolation that is supposed to be maintained between applications and the system’s hardware, specifically memory (RAM). When an application makes a call for a system resource, it hands off that request to the operating system (OS), which interacts directly with the CPU, disk storage and memory.

Spectre accomplishes the same breakdown, but between the data used by different applications.

In both cases, it means that the data normally restricted to a particular application or the OS can be fetched from memory by a malicious application. This includes passwords or any other data used by the application, such as Social Security numbers pulled from a database.

Q: What are the risks posed to individuals from Meltdown and Spectre?

A: The major risk is to cloud providers and their customers due to the scale and shared nature of their infrastructure. Individual workstations and …
