Meltdown & Spectre – Part 2: The Internet of Security Risk

Meltdown and Spectre represent a new class of security threat that endangers our digital world at its core – the processor. What aspects of our digital lives, work, society and economy will be impacted by Meltdown and Spectre?

When the news first broke on Meltdown and Spectre on January 3rd of 2018, the predominant headline was that Apple’s product were vulnerable to Spectre and Meltdown, yet, they had distributed a patch back in November of 2017 for Meltdown ahead of other vendors to their installed base of over 1.5 billion plus Apple devices, with over 80% running the latest version of iOS or MacOS.  With Apple apparently well ahead of the curve in terms of addressing the security risks associated with this new processor-level threat, are there bigger thing to be concerned about?

The answer is yes.  That bigger thing is the Internet of Things, which is notorious for its current lack of security mostly due to a fragmented, multi-tier landscape of vendors and technologies, and general lack of device, software and network security standards.  Dean Freeman, neXCurve principal analyst, expressed particular concern for older IoT implementations that likely implemented a variety of endpoint device, network and datacenter compute equipment that utilized x86 chipsets that are very likely vulnerable to the Meltdown and Spectre bugs and may not run OS versions that can be easily patched.

IoT applications that can succumb to Meltdown and Spectre could be mission critical such as utilities, refineries, bank ATMs among many others.  Though older generation IoT endpoint devices apply simple intelligence and are largely limited to using microcontrollers that are generally immune to Meltdown and Spectre, IoT endpoint devices are becoming increasingly smarter and using more robust and advanced chipsets to process data for analytics at the edge.  As more of these advanced, multi-core chips that utilize speculative execution make their way into IoT endpoint devices, the Meltdown and Spectre threats will increase as will the challenge of remediating these devices as malware and derivatives of these bugs inevitably emerge.

The Meltdown and Spectre threat goes beyond your iPhone.  Businesses and consumers need to be conscious of their legacy tech, their current tech and their future tech and ensure that vendor and service providers are hardening their hardware with firmware and OS patches to minimize the risk of a new and potentially expanding category of security threat that can jeopardize the foundation of everything digital.

For more information, listen to the audio replay of part 2 of our webcast discussion on the topic of Meltdown & Spectre.


neXCurve can help you and your team develop a strategy for dealing with the new breed of processor-level vulnerabilities and the threats they pose to your organization and your businesses.  Contact us for a complimentary consultation and an overview of our advisory and coaching services.

You can listen to the audio replay of our Meltdown & Spectre webcast by playing the media below or downloading the Podcast available on iTunes.  Subscribe to our Podcast channel and keep up to date on the latest insights from neXt Curve.

Audio replay of the Meltdown & Spectre webcast

Presentation Materials

neXt Curve Meltdown & Spectre Presentation (PDF)

Related Content & Media

by

Leonard Lee

Managing Director, neXCurve

and

Dean Freeman

Research & Advisory Fellow, neXt Curve

and

Akshay Sharma

Research & Advisory Fellow, neXt Curve

February 5, 2018

© 2018 neXt Curve. All rights reserved.

Leave a comment

Your email address will not be published. Required fields are marked *