CORRECTED-EXPLAINER-How chip flaws Spectre, Meltdown work and what's next

From Reuters - January 11, 2018

LAS VEGAS (Reuters) - Smartphones, PCs and servers across the world have received software updates in recent days to plug security gaps on computer chips that cyber security researchers have described as the most serious threat in years.

Researchers identified the problem last year, shared details with chip manufacturers last summer, and then made a public announcement Jan. 3.

What is the problem?

The vulnerabilities, known as Meltdown and Spectre, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution.

Simon Segars, the chief executive of chip designer ARM Holdings, described speculative execution as the equivalent of spinning a bunch of plates in the air, with the plates holding data.

Watching the order in which the plates land lets observers infer the data, he told Reuters during an interview on Wednesday at the tech industry's CES conference in Las Vegas.

How bad is it?

Affected chipmakers and large technology companies including Alphabet Inc's (GOOGL.O) Google say they have not seen any malicious hackers use Meltdown or Spectre in attacks, but the vulnerabilities affect most modern computing devices.

Security analysts have said that Meltdown, which affects Intel Corp (INTC.O) chips and one processor from SoftBank Group Corp's (9984.T) ARM, is easier to exploit because the program to steal passwords and other data can be hidden on a website.

Spectre, meanwhile, requires more direct access to the microchip, but affects central processing units from Intel, Advanced Micro Devices Inc (AMD.O) and ARM.

How have chipmakers and technology companies responded?

