The start of the new year is often associated with renewed positivity and the severing of ties to the past. The start of 2018 offered quite the contrast: two computer flaws that have existed for decades, a product of consumer culture’s imprudent fixation on faster performance, were belatedly discovered this past month.
Dubbed Meltdown and Spectre, these two flaws take advantage of speculative execution, a strategy used to speed up the rate at which CPUs (Central Processing Units, which are essentially the brains of computers) execute calculations. Think of this strategy as a chef in a restaurant who prepares a certain customer’s order in advance, because that customer always orders the same meal. However, one day the customer decides to try something different, which means the chef will have to throw away what he prepared. When computers run programs, they use the same thought process: they decide to complete certain calculations that they think will most likely be needed to run a program, and if it turns out the calculations aren’t needed, the results are thrown away in an insecure storage space. The vulnerabilities are highly complex, but in a nutshell, hackers can use the information found in this cache memory to exploit computers.
Affecting the majority of PCs (personal computers) and computer servers, Meltdown allows hackers to get past the hardware (physical) walls that normally separate applications and the core memory. Therefore, applications, and thus hackers, could obtain more information than they should be able to access. Spectre is similar, but the boundaries being dissolved are program-to-program. This allows a hacker to use one program to steal the memory used by another. Perhaps the worst capability the two share is the capacity to hack the cloud. Companies like Google, Intel, and Microsoft all provide cloud services (e.g. Google Drive), which serve as extra hard drives for consumers. If a person’s computer breaks, they can still access what they’ve uploaded to the cloud through the internet. In instances where cloud servers are shared amongst many users, hackers can break down software (non-physical) barriers that usually protect each user, effectively allowing them to steal information from multiple people. The situation is much worse for businesses and even government agencies that run infrastructure on the cloud; passwords and sensitive data could end up in the hands of dubious users.
The main problem with both of these vulnerabilities is that they are tough to fix: software updates called “patches” will have to be continuously improved upon to combat Meltdown, and for Spectre, the problems will only be truly fixed when new hardware is installed into computers. For the time being, what users can do to safeguard their devices is to update operating systems, browsers, and antivirus software; major platforms such as Amazon Web Services and Google Cloud have already released their updates. Although some headlines may exaggerate the negative consequences of the flaws, they shouldn’t be dangerous as long as you make sure updates are installed when they are released. The only problem with these software patches is that performance may be hindered, because the patches suppress speculative execution, the system that creates fast computers.
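On a Linux machine, whether those updates have taken effect can be checked directly, because patched kernels report per flaw whether a mitigation is active. The script below is an added example, not part of the original article; it assumes the kernel's `/sys/devices/system/cpu/vulnerabilities/` directory, and the sample status lines in it are constructed.

```python
# Added example, not from the article. Assumes a Linux kernel that reports
# per-flaw status under /sys/devices/system/cpu/vulnerabilities/.
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample status lines, used when the demo runs on a non-Linux machine.
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Retpolines\n",
}
SAMPLE_UNPATCHED = {"meltdown": "Vulnerable\n", "spectre_v1": None, "spectre_v2": "Vulnerable\n"}


def classify(line):
    """Reduce one status line (or None for a missing file) to a verdict."""
    if line is None:
        return "unreported"  # no file: the kernel does not report on this flaw
    text = line.strip().lower()
    for prefix, verdict in (("not affected", "not_affected"),
                            ("mitigation", "mitigated"),
                            ("vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return verdict
    return "unknown"


def read_sysfs(base=SYSFS_DIR):
    """Read the raw status line for each flaw; None where the file is absent."""
    raw = {}
    for flaw in FLAWS:
        path = Path(base) / flaw
        raw[flaw] = path.read_text() if path.is_file() else None
    return raw


def needs_attention(raw):
    """Return the flaws that are neither mitigated nor reported as not affected."""
    return [f for f in FLAWS if classify(raw.get(f)) not in ("mitigated", "not_affected")]


if __name__ == "__main__":
    raw = read_sysfs() if SYSFS_DIR.is_dir() else SAMPLE_UNPATCHED
    for flaw in FLAWS:
        print(f"{flaw:12} {classify(raw.get(flaw)):13} {(raw.get(flaw) or '').strip()}")
    print("update needed for:", needs_attention(raw) or "nothing")
```

A flaw listed as "unreported" means the kernel exposes no status file for it, which the script treats the same as unpatched.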
For our contemporary consumer culture that craves faster devices, Meltdown and Spectre are wake-up calls. Years of ignoring the security consequences of upgrades in performance have led to the birth of two of the worst computer flaws ever. As technology further advances, hopefully we will one day be able to reap the benefits of higher performance without having security suffer, ending the performance-security trade-off that currently plagues billions of devices.