How Meltdown and Spectre can harm cryptocurrencies, users and exchanges

in #security7 years ago

Researchers from Google and some universities have discovered a bug in all Intel processors, some AMD and in some ARM processors. On their website and in their paper, they explain how the attacks work and what the risks are.

meltdown.png

What are Meltdown and Spectre?

Meltdown and Spectre are the names of two leaks that abuse the technology of speculative instructions to obtain unauthorised access to the memory file. Even passwords and highly secured data that isn't visible to the user can be accessed by an attacker. Since speculative instructions are mainly implemented in hardware, software patches are not so easy. Especially spectre seems not completely solvable with software patches.

In order to perform an attack. The attacker needs to run some harmful code on the victims processor. Something that can easily be done using a website with harmful javascript. Virus scanners and firewalls cannot prevent these attacks.

One of the biggest security risks, is for cloud services. Someone who is using a virtual server from Google, amazon,... can use some harmfull code to access the data of all users of the server. That causes huge security risks for a lot of companies that are using these services.

How can this affect cryptocurrency

1) The users

By getting access to the memory of a cryptocurrency enthousiast, it is possible to retrieve the private keys of his wallets if they are not encrypted. (and even when they are encrypted, there is a moment when they are unencrypted in the memory, e.g. for signing a transaction,...)

To perform this attack someone must run harmful code on your processor.

2) The exhanges

Imagine a well-educated attacker that manages his way to use the same service as a big exchange and ends up reaching the same server as the exchange. The attacker has the possibility to retrieve all private keys that the exchange is using. Even a different private key for every transaction doesn't resolve this problem. I don't have to explain you that it would cause a lot of trouble if an attacker could empty some funds of an exchange.

Let's hope that hardware and software designers are able to provide us security patches and tools before hackers come into the game (if it isn't too late already).

source: https://meltdownattack.com/

Sort:  

This post has received a 12.92% upvote from @lovejuice thanks to @jerre. They love you, so does Aggroed. Please be sure to vote for Witnesses at https://steemit.com/~witnesses.

You got a 28.57% upvote from @upmewhale courtesy of @jerre!

You got a 12.25% upvote from @mercurybot courtesy of @jerre!

This post has received a 21.83 % upvote from @sleeplesswhale thanks to: @jerre.

You got a 15.87% upvote from @upyou thanks to @jerre!

Coin Marketplace

STEEM 0.24
TRX 0.25
JST 0.040
BTC 94247.78
ETH 3407.39
USDT 1.00
SBD 3.45