Hardware Vulnerability ‘Spectre’ a Genuine Threat, Say Experts
Generations of computers and devices will need a complete design overhaul in order to rectify the issue
Thursday 14th March 2019
Google experts have claimed that ‘Spectre’, a major security weakness inherent in most computer processing chips, is believed to be impossible to patch with software alone. In fact, the vulnerability is so significant that future generations of computers and devices will need a complete design overhaul in order to rectify the issue.
Spectre allows devices to be compromised by programmes that can potentially steal sensitive data such as passwords, emails and perhaps more. Computer chips manufactured by world-leading brands Intel, AMD and ARM, which globally supply processing components for practically all smartphones, are believed to be affected by Spectre.
Upon realising the threat Spectre poses and its worldwide presence, tech companies immediately got to work on finding a solution. It was discovered that Spectre decreases device speed by up to thirty percent, leading to Google adding a feature to isolate individual pages on Chrome to damage-control the vulnerability.
Despite the tech world’s greatest efforts, however, no comprehensive solution to the issues currently exists, with a fix for the fundamental flaw yet to be found. Speculative Store Bypass, a manifestation of the vulnerability, has now been branded as irreparable by Google experts. “The entire field of computing missed this,” Ben Titzer, co-author of the study, explained to New Scientist.
Spectre exploits a flaw in a feature called speculative execution, which optimizes processing speeds. Realising the likely futility of their efforts to safeguard against Spectre, experts now believe the only real way to overcome it may be to simply move forward, leaving the technology behind and ensuring that manufacturers iron out the flaw when designing next-gen computer chips and devices.
Due to the precise details of what can be stolen remaining unknown at this time, it is therefore difficult to gauge the effectiveness of previous software fixes. Computer chips make conjectures about future calculations which may be ultimately discarded if found to be incorrect.
Google’s Project Zero analyst team, comprised of security experts working alongside industry researchers across several countries, discovered the two flaws, known as Meltdown and Spectre, earlier in January.
Meltdown, specific to computer chips manufactured by Intel, allows hackers to bypass the hardware blockade between user-run applications and computer memory, something that could potentially enable hackers to read a computer’s memory.
Project Zero initially uncovered Meltdown in June 2018 when expert Jann Horn found that sensitive information like encryption keys, passwords, among other data, open in applications (that should have been secure) could be accessed.
The next flaw to be found, Spectre, which affects computer chips from the big-three tech brands Intel, AMD and ARM, allows hackers to potentially dupe otherwise error-free applications into disclosing confidential user information.
Award winning antivirus protection from TotalAV. Stay 100% safe from malware and online threats.