Vulnerabilities Case Study: Meltdown and Spectre

The Meltdown and Spectre chip hacks from 2018 provide examples of hardware vulnerabilities being exploited by cyber criminals. These hacks affected PCs, tablets and smartphones across the world, taking advantage of flaws in microchips designed by Intel and ARM, who manufacture for almost the entirety of the global market. The microchips being so universal meant that the vulnerability and subsequent hack affected so many. 

The Spectre vulnerability allows parts of the memory of a program to be read, while meltdown is a vulnerability which allows all memory in a given system to be read. Both Spectre and Meltdown were extremely dangerous, and came in many variants. If exploited, the flaw would give cyber criminals access to bypass security systems used in almost all recent devices designed throughout the last couple of decades. Through the flaw allowing for reading of system memory, malicious actors could potentially access passwords and other important data. 

Fortunately, companies such as Microsoft, Google and Apple responded quickly, working to update customers on which devices had been affected, and creating updates to mitigate the issues. The nature of Meltdown and Spectre being issues at the hardware level means that the vulnerabilities cannot be ‘fixed’ as such, however most companies released software updates to patch around the problem.