BRADES, MNI – Almost every personal computer, smart device and smart phone manufactured since 1995 is reported to be vulnerable to at least one of the newly discovered Meltdown and Spectre computer hardware security threats. This is because, in an effort to speed up computers, designers put in miniature assembly lines inside microprocessor chips, which are the heart of modern digital technology. These “assembly lines” for instruction execution, termed pipelines, then led to speculative and out of order instruction execution.
That is, several instructions are being processed at the same time, like cars on an assembly line. Some of these instructions are guessed at, and if the computer does not “branch” in that direction at a decision point, the wrong work-in-progress instructions are discarded.
As a result, in modern digital equipment instructions are fetched, decoded, executed then if they are the right ones, committed to. But to go to such speculative execution, the computer has stored information about its core state, and if attacking malware (viruses, worms etc) can inspect or guess at the information before it is erased, it can then infer the processor’s state and take over. For instance, if data comes from a “cache” rather than “main memory,” it will be come up much quicker. However, that is also a clue that private information may also be included in what is cached. Private information can then be readily stolen or the machine can be turned into a zombie under rogue control.
And, leading IT industry figures have long warned the public that if something so obviously valuable as powerful software or information services are “free” then YOU are the product being sold to someone else. If we are lucky, as marketing research statistics. If we are not so lucky, our personal identity, Internet, social media and online shopping patterns – as well as our secret information – are for sale “to the highest bidder.”
Where, yes, the dodgy sites and social media services out there are obviously even more dangerous now. But we must not think that just because we deal with big name legitimate firms we are safe and 100% protected. Meltdown and Spectre are absolute proof of that. And for sure, when we sign up to those terms of service “nobody” bothers to read, we are often signing up to at minimum being used for marketing research.
Meltdown is so far peculiar to the Intel family of microprocessors. This means it is a problem for most Windows, Apple and Linux computers.
Spectre is a more generic problem that affects processors made by Intel, Advanced Micro Devices [AMD] and the ARM family. Intel and AMD processors are used in computers (including Apple machines) and ARM is used in many cell phones and other smart devices
Spectre is apparently much harder to solve than Meltdown.
As we go to press, special free software patches have been released, and it is believed that most of the time they will have minimal impact on performance. However, in some cases half the previous performance may be lost. Also, Intel has had to patch its initial patch as there were problems such as repeated re-booting. Even industrial machines with embedded microprocessors are vulnerable.
Obviously, everybody in Montserrat should make sure to get the security updates with the latest patches.
But, what about the opportunity?
Software patches will do for now, but for cloud and web based server applications etc, there will predictably be a wave of new processors with hardware fixes. Hardware fixes are going to be faster. We can expect to see that in maybe one to three years. So, we can expect a wave of new investments in server farms, back office services, call centres etc. When that happens, people will reconsider what they are doing and a small fraction will be open to wider changes.
Over about the same period, Montserrat should have fibre optic cable access and we will be looking to bringing in highly reliable geothermal energy based electricity. So, if we can get just a sliver of the new investments it can make a significant difference for our economy. Something, to bear in mind.
