The recent discoveries of new vulnerabilities on the computer chips that power most of our computers have left practitioners scrambling to come up with solutions.
Unfortunately, as these vulnerabilities occur at the chip (hardware) level, these are more difficult to address. While operating system vendors have assembled and published updates and patches for their product offerings, it is important for each of us to act responsible to keep all our machines up-to-date.
But other than just keeping our machines up-to-date, what exactly causes the vulnerability?
One of the simplest explanation has come from a Red Hat Blog post where it seeks to simplify the workings around the Meltdown and Spectre vulnerabilities.
Simply put, it is a design implementation, traced way back that allows the chips to appear to work faster than it really does.
Imagine the situation as follows:
You run a pizza joint and every weekday night, at around 8pm, a young man will come your joint to order a 12 inch cheese pizza for takeout.
This goes on for quite sometime until one night, you decide to start making the pizza order before the young man arrives.
True to form, he walks in at 8pm and is quite surprised to find his order ready for takeout. He’s happy to cut down the wait time and goes off a much happier customer.
Overtime, as business grows, you start labeling the young man’s pizza takeout, writing “8pm Young Male – Cheese” on the box, just so that his pre-made order doesn’t get mixed up with the rest.
Slowly, your staff finds out his name, Pete and so the pizza box goes “8pm – Young Male – Cheese – Pete”.
All goes well, till one day, Pete comes in and orders a Veggie Delight Pizza instead!
Instinctively, you go to work on the Veggie Pizza and toss the Cheese takeout box into the bin … along with all the information that is written about the client
“8pm – Young Male – Cheese – Pete”
Doesn’t seem like much right?
Yes, that was exactly the thought all those years ago when the chip designers decided to carry out “Speculative Execution” – which is, based on past experiences, anticipate what is going to to be required and pre-fetch, pre-run the instructions before hand, in anticipation and hope that the client will be better served.
If the “Speculative Execution” was wrong, toss the data and result away, start afresh.
Nothing wrong, until someone found that they can now do something with the data and result that was tossed away.
The data and result that was tossed, did not get the “required” security treatment as it should.
Vulnerabilities explained as simply as possible!
So other than changing the chips themselves, which could be a huge cost and one probably has to wait for verification which chips are not affected, the best would be to carry out all required software patches. While it doesn’t solve the problem at its root, it does help to mitigate the likelihood of an exploit.
For a more detailed read, please visit the following:
[1] https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know
[2] http://blog.talosintelligence.com/2018/01/meltdown-and-spectre.html