It’s pretty concerning now-a-days to know that our little pocket computers, or our big PC is affected by some security flaw, as we store valuable data in these, do banking with these and so on. now, what if that flaw is, according to the experts, ‘biggest in the history of computing’? That is what the Spectre and the Meltdown is. We’ve all probably have heard about it by now, but what are these really? how do they affect the security? Let’s try to explain these.
CPU in a computer, or a phone is a smart thing. It does everything you ask it to do, and it does things you don’t. What does this even mean? well, to be more efficient, it processes some instructions, fetches some data ahead of time. This is called “Speculative execution”. Let’s consider this, you go to a restaurant everyday at a certain time and order a steak. After some days, seeing the pattern, the chef starts cooking the steak even before you arrive, just to be more efficient, so that when you reach, you get the steak ready. Now, one day, you go and order a different dish. What happens then? you get the different dish, it takes a little time to cook and the steak that was already cooked for you ahead of time gets dumped, because that was a ‘miss’.
In computers, or phones, this dumping happens inside memory, the cache memory to be exact and that part of the memory is unprotected. Now, a potential malware can get inside that memory location and steal all those dumped data. It might sound a little amount of data but it is not. Imagine this, if a malware is fishing for data inside that location for a month, it might get everything that’s valuable to you.
Fixes are on their way, Apple has already published a mitigation of Safari browser with their iOS 11.2.2 update, Google too has posted the same with the January security patch, but remember that these are only mitigation, which will just reduce the severity of the issue. It wont fix it completely because this is a hardware flaw. The only real fix is to replace your CPU with something that is yet to come. Now, the question is are you getting the mitigation? Looking at the fragmentation that is still plaguing Android even after Google’s brilliant project Treble, it seems like at the end of the day, the majority of current Android users will be left unprotected. Have you got the mitigation? let us know in the comments bellow.