Explainer: How chip flaws Spectre, Meltdown work and what’s next

Published 12/01/2018 in Cybersecurity, Technology

Explainer: How chip flaws Spectre, Meltdown work and what’s next
A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

LAS VEGAS (Reuters) – Smartphones, PCs and servers across the world have received software updates in recent days to plug security gaps on computer chips that cyber security researchers have described as the most serious threat in years.

Researchers identified the problem last year, shared details with chip manufacturers last summer, and then made a public announcement Jan. 3.

What is the problem?

The vulnerabilities, known as Meltdown and Spectre, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution.

Simon Segars, the chief executive of chip designer ARM Holdings, described speculative execution as the equivalent of spinning a bunch of plates in the air, with the plates holding data.

Watching the order in which the plates land lets observers infer the data, he told Reuters during an interview on Wednesday at the tech industry’s CES conference in Las Vegas.

How bad is it?

The patches, however, do not always work with other software. For example, a fix for Spectre led to issues turning on some computers with AMD chips, and a Meltdown patch for Microsoft Windows required changes from antivirus makers.

What is being done to prevent similar problems in the future?

ARM’s Segars said his company has been tweaking designs for future chips to add “maximum flexibility.”

The biggest change is adding more transistors to chips, a negligible cost, to make it easier to turn chip features on and off, he said.

Giving yourself “maximum flexibility” means it will be easier to respond to future flaw discoveries, Segars said.

Chipmakers and operating system makers must also collaborate more. “What’s important to establish there is guidelines around how to write software so you don’t run afoul,” he said.

(Corrects paragraph 7 to say Intel chips are not the only products affected)

Print article

Leave a Reply

Please complete required fields