EFFECTS ON COMPUTER, WHAT YOU NEED TO KNOW.
We’ll give it to you straight: There is bad news and good news about Meltdown and Spectre, the two new computer vulnerabilities. The bad news is that the flaws are serious, complex, and have broad implications across the industry, and the good news is that the only thing that you, a typical smartphone and computer user, need to do is make sure the software running on your devices is up-to-date.
These vulnerabilities concern security experts because they have their roots in the very design of the processor that powers your gadget. Unlike some security issues tied to a specific operating system, like an older version of Windows, these are not. It also affects the serv
ers run by big companies like Amazon and Google, which need processors to run.
“The idea of a fundamental vulnerability in CPUs is something that is probably one of the scariest things that you can imagine, because of how vulnerable that can make so many systems,” says Shuman Ghosemajumder, the CTO of Shape Security and a former product manager at Google who focused on click fraud. “In some ways, it’s almost surprising that we haven’t encountered anything quite like this before—but these particular vulnerabilities have actually existed within CPUs for many years now.”
So what are they?
To understand where these security weakness stem from, it helps to know about a process that chips use called speculative execution. Speculative execution is typically a good thing—it helps processors run efficiently. In simple terms, the processor guesses what might come next as it’s computing and does some work in advance to get ahead, in the likely chance that it is right and that work will come in handy. Think of it as doing tasks in your free time that you’re very sure you’ll need to do later, like preparing a report your boss asks for most Wednesdays.
“There’s nothing that’s inherently wrong or insecure about the idea of speculative execution—it’s all about the way that it gets implemented,” Ghosemajumder says.
Both Spectre and Meltdown leverage speculative execution to do something they shouldn’t, and both affect chips from the likes of Intel, AMD, and ARM; Spectre is considered to be the broader threat. Together, there are actually three vulnerabilities, because the term “Spectre” encompasses two different types of attacks.