Meltdown and Spectre – The big CPU cyber security scare

What’s the easiest way to tell if a tech security issue is really worth worrying about?

We reckon there’s a relatively simple rule to follow when answering this question – it’s when the technology industry and authorities alike openly begin referring to a bug or vulnerability using a distinctly ominous sounding name.

Using this approach we can say beyond any doubt that the news today has delivered something of a ‘double whammy’ on the information security front with many major outlets, including the BBC, reporting the emergence of Meltdown and Spectre.

Now, if they aren’t labels to strike fear into the heart of tech consumers everywhere then we don’t know what are! (That, or it’s a hotly tipped new duo about to drop the hottest grime track of 2018. You decide. – Ed.)

Are these new vulnerabilities really as scary as they sound though? 

Well, it’s often easy just to write off the latest technology fear as yet another scare story which never actually results in the nightmarish outcomes predicted by doomsayers in the media. This has been the case amongst the public ever since the Millennium Bug failed to bring civilisation crashing down, leaving us all with large stocks of tinned food and a distinct feeling that the experts didn’t really know what they were talking about.

In an era where shunning expert opinion seems to have become the norm, though, we really do think the Meltdown and Spectre vulnerabilities warrant being taken seriously. The consequences of not doing so could be truly disastrous.

The main reason for this is the potential reach of the combined security vulnerabilities, with Meltdown and Spectre affecting chips from the global leaders in CPU production. Meltdown affects almost every desktop machine, laptop computer or cloud server using an Intel CPU, while the threat of Spectre could be even more widespread, with smartphones, tablets and computers using CPUs produced by Intel, ARM and AMD potentially affected.

In short, just about everybody is likely to be at risk from one or the other (or both). neatly summarises the vulnerabilities when it says:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”

Spectre – Not this one but just as scary.

There is therefore no limit to the type of data at risk on a machine when infected by a malicious application developed to target either the Meltdown or Spectre vulnerabilities. Highly sensitive data and credentials (passwords etc.) are potentially sitting ducks to cyber criminals if they are able to capitalise on the security flaws.

The good news is that the various technology giants supplying major operating systems globally will have been the first (non-malevolent actors at least) to have uncovered and been informed of the vulnerabilities, likely many months before the public became aware.

This means there has been time for security updates and patches to be developed, and Microsoft, Apple, Linux and Google (Android OS) have confirmed they have already issued or will soon be issuing wide-ranging fixes. Despite this, it is also worth mentioning that when it comes to Microsoft Windows, the world’s most used operating system, anyone using an OS older than Windows 10 will remain vulnerable as patches will not be issued for these.

There has been speculation amongst some tech insiders that the updates required to patch the holes that Meltdown and Spectre leverage will affect CPU performance – it’s even been suggested the discovery of these vulnerabilities will force a fundamental rethink on how CPUs are designed and made – although this is as yet unconfirmed.

The reality is though that nothing should be placed above the importance of data security in the here and now. So, if there’s one thing you take from this article let it be this (and excuse the shouty bold capitals but we think it warrants it):


Oh, and one last thing – don’t have nightmares now readers.

For all the latest on developing cyber security stories and the news from DCS be sure to sign up to our mailing list in order to receive our monthly newsletter.
