Your Computer may be Spooked


Jay Park, Web Editor

   There is a critical flaw in nearly every single computer in use. Several independent researchers have started the new year with a bang by coincidentally discovering similar exploits that potentially allows a user to access all the private info of other computers freely. While this has been unknown by the public for nearly two decades, many companies are scurrying to patch the issues, but it is likely this problem will haunt us for years to come.

   The problem lies within a computer’s CPU, or central processing unit. It is the part of the computer that is responsible for calculations and carrying out instructions. Meltdown, one of the two exploits, allows malicious programs to access higher privilege memories they they are not permitted to. While processing instructions, the CPU performs what is called a race condition. It is the act of checking privileges, making sure the program has permission to access different levels of information. By combining with a side-channel attack, which directly targets the physical vulnerabilities of the hardware itself, the malware can escape its isolated confinement and reach into the operating system and running processes.

   Many operating systems map memory and processes to all address spaces, which can be accessed by a rogue program. Defending against meltdown would need to avoid mapping memory or avoid being accessed during the race condition. Removing the shortcut would slow down processes all across the board. All microprocessors differ in how instructions are carried out, meaning this exploit is universal on Intel processors especially. And clearly, Meltdown will never be detected by the computer, much less by the user, when carried out.

   Spectre, the second method, is more complex to perform, but even more difficult to deal with. Amidst the race for faster performance, designers of microprocessors developed a method called the branch prediction, which would predict and carry out functions even before they were called by the user, essentially “preloading” data to raise speed. This form of speculative execution could reveal private data to attackers.

   While this form of breach could be prevented, that would mean taking out branch prediction, which have shown to slow down computer speeds by 5 to 25 percent according to Intel. But the real problem is dealing with the entirely unique classes of attacks possible by Spectre. Two to three variations of it have been detected and patched by teams, but it is unsure how many more there will be to fix, and whether or not they can be dealt before they are used maliciously.

   These bugs affect Intel, AMD, ARM processors, of one of which is in almost all modern computers. Even more interesting is that it can affect Amazon Web Services, which are server farms. A hacker could use the cloud services to peer into other computers over the Internet.

   Many large corporations have been pouring out fixes for these vulnerabilities, but it is probable that they are just band-aid or placebo fixes to avoid public backlash. No party is sure if there will be any more future bugs as massive as Spectre and Meltdown lying dormant insides each computer. As these two exploits have shown, no one is necessarily safe. Every action we have performed on the computer have been recorded and has probably been leaked to shady organizations who have no qualms with using that information however they want.

   The technology industry as a whole has received a setback. This incident serves as a reminder that in our pursuit to better and further technology, there will be people willing to break into innovations if they are not protected well enough. Previously, bugs were reduced to a singular company and program. As technology centralizes, companies will have to work in unison to prevent future Meltdowns and Spectres. This is the first major event that really proves how young the computer industry is, and it highlights the turbulent future ahead of its users.