A few months ago there was a flurry of news about Meltdown, and though the news has quieted down since then, not many people know what it is.
We aim to explain what it is, how it works, who is affected by it, and what YOU can do to protect yourself, be at home or your business.
- What Is It?
Meltdown is a critical vulnerability in modern processors from both Intel and ARM. Although only recently discovered by three independent teams from Google, Cyberus Technology and Graz University of Technology, this flaw has existed for the last two decades.
- How Does It Work?
Meltdown ‘melts’ the security boundaries that are typically enforced by hardware. It breaks through the isolation between your applications and the operating system. This allows the malicious program to access both the memory of other programs, as well as your operating system.
Imagine this. Your WiFi password is ‘AllAboutShips’. (Maybe you were part of the Navy. Or just a fandom enthusiast.) You, the user, is browsing on a site that might not be completely secure. Someone else, we’ll call them BlackHat, wants to access your WiFi. They use the fact that your computer can run and cache multiple pieces of information at once to their advantage. They have your computer download an image in the background and then run a program.
That program fills in pixels one by one, testing your computer. It executes a line that asks your computer to load a pixel if X. In this case the X would be “IF the first letter of the wifi password is A.”
If the computer returns a response quickly, BlackHat’s program knows that the first letter is A. If it takes longer and has to think about it, it knows to try something else. This process continues in the background while you remain unaware. Now think about how many situations this can be applied to and you’ll quickly become aware of why this is a problem. Passwords, bank accounts, and business files are just the top three.
- Who Is Affected?
That’s the problem. Remember how we said that it has existed for the last two decades? Every processor for Intel and some of them from ARM have been tested and proven to be affected by this vulnerability. This includes not only personal computers but smartphones, mobile devices, and the cloud. Yup. Even the cloud can be accessed. What’s worse is that it’s possible for BlackHat to go one step further and reach out from your computer through the cloud to someone else’s as well.
- What Can I Do?
Fortunately, since those three teams found it there have been software patches released to guard against this. While they’re not foolproof and you do have to go hunting for them, it is possible to find them for your browser, your phone, and your OS.
Although Meltdown affects much of the technology we interact with today, there are patches and new ideas in the works to overcome this flaw. Rather than having a meltdown, make sure to protect yourself as best you can.