Meltdown & Spectre – Part 1: The Threat We Don’t Want to Talk About

Meltdown and Spectre represent a new class of security threat that endangers our digital world at its core – the processor. With the unveiling of such profound security holes, what do business leaders need to do to understand the potential impact of Meltdown and Spectre on their organizations and businesses?

At the beginning of 2018, the world was introduced to Meltdown and Spectre, two security vulnerabilities of a variety that the tech world had not seen before. Unlike the security threats we have seen in the past that exploited physical, software and network vulnerabilities, Meltdown and Spectre are results of design flaws at the processor level that presents a new security threat to businesses and consumers and exposes the foundation of our increasingly digital world to profound, pervasive risk.

The Meltdown and Spectre vulnerabilities were publicly announced January 3rd of 2018 but have their genesis in a risk cited in a paper published back in 1995 called “The Intel 80×86 Processor Architecture: Pitfalls for Secure Systems” submitted during the 1995 IEEE Symposium on Security and Privacy.

What are Meltdown and Spectre?  Both vulnerabilities are related to speculative execution, which is a task optimization technique and behavior of many modern processors.  If these vulnerabilities are exploited an attacker will have access to protected data stored in a CPU’s cache in what is called a side-channel attack.

The concerning thing about Meltdown and Spectre is that these vulnerabilities impact   x86 Intel, AMD and ARM-based processors designed and manufactured since 1995 that share the side channel vulnerability.  By January 31, 2018, 139 samples of malware were identified that may be early attempts to exploit the Meltdown and Spectre vulnerabilities.  This means a wide range of computing devices in data centers, workplace, homes and network operating centers could be increasingly susceptible to attack if not properly patched and protected.

Listen to our webcast replay to find out more about neXCurve’s point of view on Meltdown and Spectre.


neXCurve can help you and your team develop a strategy for dealing with the new breed of processor-level vulnerabilities and the threats they pose to your organization and your businesses.  Contact us for a complimentary consultation and an overview of our advisory and coaching services.

You can listen to the audio replay of our Meltdown & Spectre webcast by playing the media below or downloading the Podcast available on iTunes.  Subscribe to our Podcast channel and keep up to date on the latest insights from neXt Curve.

Audio replay of the Meltdown & Spectre webcast

Presentation Materials

neXt Curve Meltdown & Spectre Presentation (PDF)

Related Content & Media

by

Leonard Lee

Managing Director, neXCurve

and

Dean Freeman

Research & Advisory Fellow, neXt Curve

and

Akshay Sharma

Research & Advisory Fellow, neXt Curve

February 1, 2018

© 2018 neXt Curve. All rights reserved.

Leave a comment

Your email address will not be published. Required fields are marked *