Security gap discovered in billions of processors
Spectre and Meltdown cancel out safety mechanisms
Speculative execution becomes a problem...
Probably the most serious vulnerability since processors for computers were created has been discovered. Entire generations of computer chips are vulnerable to data theft attacks. This affects both the giant of the industry "Intel" and smaller manufacturers such as "Arm" (manufacturer of smartphone processors). The chip designer "AMD" currently denies being affected by the problems, although this is also mentioned by the discoverers.
As the vulnerability lies in a technology called "speculative execution", which has been used throughout the industry for years, billions of computers with processors from a variety of vendors are likely to be affected. This technology enables the processor chips to retrieve any information required later in advance, thus avoiding delays.
The really problematic thing is that even the most complex security precautions outside the processor could become ineffective due to the design of the chip. Whether the security gap has already been exploited would not be known at present - according to the researchers. Probably this could not be determined, as the attacks do not leave any traces in log files. It is unlikely that the vulnerability on home computers or workstation PCs could become a serious security risk. Processors built into servers - especially from cloud services - could, however, be compromised and "spied out".
Solutions are (still) being worked on
Since the security gap is due to design decisions in the chip architecture, the only secure solution is the categorical replacement of the hardware at the moment. "To completely remove the vulnerability, the vulnerable processor hardware must be replaced." This is also the view of the IT security agency of the US government "CERT". Since the discovery of the complex vulnerability, the tech industry has been secretly working to solve the problem with software updates.
Contrary to initial reports that the planned software updates could result in a loss of computer performance of around 30%, the researchers stated that, according to the latest findings, this is likely to be a maximum of 2% in most cases.