Every now and then, we hear and read about critical security issues in the software that we use in out day to day lives. These security holes are caused by tiny bugs in the code and can lead to devastating results. People can hack into your computer, see your information, and even hold it hostage. Luckily though, we can fix these issues with a software update.
Luckily, we can fix these issues with software updates. But, on June 1st 2017, researchers working for Google’s Project Zero found two major security flaws in modern processors, which are the brains for your computers, tablets, phones, television, and what not. These flaws allow any program to read sensitive information from your memory. The bugs are called “Meltdown” and “Spectre” and because they’re so sensitive, Google decided to keep it a secret until vendors have come up with workarounds that would protect us.So you may have already of heard of Meltdown and Spectre, and how these bugs allow cyber criminals to steal sensitive information from almost any computer, mobile device, or even from the cloud. The good news is that patches have been created to protect many affected systems and products and efforts are underway to update others. A downside to these fixes is that they may slow down computer performance.
So, where did these threats come from? To answer that we must first go over some basic concepts. As you know a processor (CPU) is the brains in all our devices. A processor is responsible for executing all the instructions that our operating system and our programs give it. How fast a processor is, depends on its clock speed. The higher this is the more work your processor can do per second. So, for a while, chip-makers (such as Intel and AMD) were in a competition to keep increasing the clock speed. They however, reached a ceiling when they hit the 3 to 4 GigaHertz range. It was impossible to go any further, so chip-makers had to get creative.
They came up with the phenomenon we know today as speculative execution. To understand how Meltdown and Spectre came to be we must understand this behind the scenes process. In summary, it lets devices do some work ahead of time to speed up routine tasks, but it also creates a security vulnerability that nobody expected. Basically the processor will guess what the outcome of an instruction will be, and execute all subsequent steps in the background.