What do we first look for when buying a PC or laptop? Of course, on what processor is installed in the device: its performance, year of manufacture, energy efficiency. At the same time, security problems, which experts constantly talk about, do not interest us at all. Intel and AMD processors have their own nuances, due to which security gaps appear. Where do they come from at all? What to do with them? Let’s talk about the vulnerabilities of modern processors.
We share useful information about processor vulnerabilities
Content
- 1What is a processor vulnerability
- 2Processor vulnerabilities
- 1What does Meltdown mean
- 2What is Specter
- 3How hackers break bank cards
- 4How to protect your computer from hacking
What is a processor vulnerability
Why do processor vulnerabilities appear?
I’m sure you often read the Technology section on your favorite news site, glance at our Telegram channel , and often come across articles describing a vulnerability found in AMD or Intel processors, which the developers later fix by releasing updated software. What is it?
Уязвимость – это ошибка в процессорах, которая приводит к возможности несанкционированного доступа к кэшу.
It is actively used by cybercriminals, extracting confidential information (logins and passwords). In 2018, experts from Google Project Zero discovered two large-scale vulnerabilities in almost all modern processors, calling them Meltdown and Specter.
Processor vulnerabilities
The two vulnerabilities have a lot in common
Processor manufacturers leave security holes while they chase system performance. Avoiding these errors reduces the speed of task execution due to the fact that operations become more complex. AMD and Intel are most likely aware of this, but keep silent until another leak or scandal happens.
What does Meltdown mean
This vulnerability has arisen as a result of the fact that modern processors are able to process instructions out of turn. This speeds up the processing of the code, but often the processor processes the code with an error, and only then determines that it should not have been executed. This is exactly what happens when instructions are executed out of order. The results of this operation don’t go anywhere, but they leave traces in the processor’s cache. They can be extracted – just from there, confidential data is taken, which falls into the hands of fraudsters.
Recently Meltdown began to be found in the most current models of processors.
How does this happen? The program requests access to data in memory. For example, to retrieve the remaining password there. But he gets the answer that access is not allowed. At the same time, due to the fact that the operation is performed out of turn, the password is still loaded into the cache, from where it can be obtained.
Уязвимость Meltdown возникает из-за попытки выполнить недозволенное действие.
What is Specter
This vulnerability is similar to Meltdown, but arises due to the fact that the processor is able to predict the sequence of actions: that is, after action A, action B comes, and he manages to do B even before the results of action A. all is well, then the processor abandons action B and proceeds to action C. This sequence speeds up the processor, but it all depends on learning the system. Even if the system cancels an action, information about it remains in the cache, from where, as in the case of Meltdown, it can be retrieved.
There are no universal protection methods – you need to stay tuned
The vulnerabilities affect processors from all manufacturers: Intel, AMD and all based on the ARM architecture. But on publicly disclosed issues, Intel is mercilessly ahead of AMD. Therefore, AMD is passive in fixing holes, and Intel is constantly fixing them. By the way, the Russian processor Baikal is not affected by Meltdown and Specter, unlike the same Cortex A15, A57 and others built on ARM.
Еще о безопасности: Могут ли через NFC украсть деньги
How hackers break bank cards
Vulnerabilities are dangerous because important data can be stolen: account passwords, banking information, etc. Information security companies are constantly seeing a rise in malicious applications that try to exploit Meltdown or Specter. Some fraud methods do not depend on the installation of programs and work directly in the browser. The danger can be represented by ordinary advertising on a familiar site.
Try to be more careful with unfamiliar sites and even acquaintances
Unfortunately, there is no unambiguous answer to the question whether the special services know about these vulnerabilities. All manufacturers have the same answer that they can neither confirm nor deny the information. Apparently, the truth is somewhere in between. Nonprofits are not very good at keeping track of their secrets. This means that it would have been known for a long time. And the developers would fix everything so as not to raise too much noise. You can find even more information about security in our Yandex.Zen . Don’t forget to subscribe!
How to protect your computer from hacking
In this situation, it is important to promptly install software updates that the manufacturer releases. Yes, they are often annoying, but this is important, because the updates contain important bug fixes. If the next time you turn off your computer, you see “Refresh and shutdown”, do not be lazy to click on this button. Unfortunately, there is no universal way to protect against this, it all depends on the processor microcode update, which manufacturers are responsible for. Look for the latest information on the manufacturers’ websites, most likely in the “Downloads” or “Support” sections.
Updates are the best protection against data loss
Security gaps remain as a result of manufacturers speeding up their components while neglecting security. It is impossible to work only with iron, improving it very often. Ordinary users can only watch the updates and install them on time.
