Andrew Lohn is an engineer at the nonprofit, nonpartisan RAND Corporation.

The security community is still reeling from the discoveries of the Meltdown and Spectre computer vulnerabilities, and now it seems that a rash of new hardware vulnerabilities called MasterKey, RyzenFall, Fallout and Chimera have been found in the past few months, too. Unlike most previous threats, all these vulnerabilities attack a computer’s hardware, rather than its software. This second release of attacks may be early indications that Meltdown and Spectre have opened a new front in the war between hackers and defenders in the realm of computer chips.

While experts are working to make and distribute patches for these bugs, the question remains: What does this mean for cybersecurity as a whole? The answer to that question starts with understanding a bit about how hackers work.

A couple of years ago, hacking onboard computers on cars was common, so a bunch of vulnerabilities were found and patched and now cars have become somewhat harder to commandeer. Then drone hacking was all the rage, and drone manufacturers too have implemented patches and become somewhat more secure.

If they’re nice (most are nice), they tell the manufacturers about it so they can fix the bugs. With Meltdown and Spectre, the researchers were nice and informed the manufacturers months beforehand. The MasterKey, RyzenFall, Fallout and Chimera researchers were not so nice, and only gave them a day. If the researchers are really not nice and decide instead to use their exploit, then some unlucky person or organization is probably going to have a very bad day.

That moment of discovery is the starting gun for an intense race between the defense community and the hacker community. Some hacker genius somewhere already knows how to use the bug and other hacker geniuses start working overtime to write their own code that exploits it. Once a few of them figure it out, one of them will write a simpler version for people who don’t understand the details so that hackers who aren’t geniuses can use it too. Soon after that, it gets included in the common hacking databases. From that point on, anyone can literally point and click their way into your computer.

Although not much can be done for the folks who already had their bad day, the defense community, as a whole, almost always wins that race. As soon as their fastest programmer finds a fix, it can be quickly distributed throughout the world, making the new hacking toys only useful against the stragglers who fell behind the herd. And these days, it’s gotten pretty hard to fall behind. The patching process has become invisibly smooth, and most regular computer users never even know that there was a race on.

With hardware vulnerabilities, things could be different. You can’t change hardware by sending an invisible string of 1s and 0s through the air.

For Meltdown and Spectre, workarounds where changing the software can help block the hardware problem are still being figured out and distributed. These workarounds showed up quickly at first, but the process has been anything but smooth, and proof-of-concept code for exploiting these vulnerabilities has been seen online for more than a month.

As for the more recent vulnerabilities, it’s not clear yet what workarounds exist, and there might not always be a workaround that creates software solutions to hardware problems. Though stark, this situation is not entirely unprecedented.