The security community is still reeling from the discoveries of the Meltdown and Spectre computer vulnerabilities, and now it seems that a rash of new hardware vulnerabilities called MasterKey, RyzenFall, Fallout, and Chimera have been found in the past few months, too. Unlike most previous threats, all these vulnerabilities attack a computer's hardware, rather than its software. This second release of attacks may be early indications that Meltdown and Spectre have opened a new front in the war between hackers and defenders in the realm of computer chips.

While experts are working to make and distribute patches for these bugs, the question remains: What does this mean for cybersecurity as a whole? The answer to that question starts with understanding a bit about how hackers work.

A couple of years ago, hacking onboard computers on cars was common, so a bunch of vulnerabilities were found and patched and now cars have become somewhat harder to commandeer. Then drone hacking was all the rage, and drone manufacturers too have implemented patches and become somewhat more secure.

If they're nice (most are nice), they tell the manufacturers about it so they can fix the bugs. With Meltdown and Spectre, the researchers were nice and informed the manufacturers months beforehand. The MasterKey, RyzenFall, Fallout and Chimera researchers were not so nice, and only gave them a day. If the researchers are really not nice and decide instead to use their exploit, then some unlucky person or organization is probably going to have a very bad day.

That moment of discovery is the starting gun for an intense race between the defense community and the hacker community. Some hacker genius somewhere already knows how to use the bug and other hacker geniuses start working overtime to write their own code that exploits it. Once a few of them figure it out, one of them will write a simpler version for people who don't understand the details so that hackers who aren't geniuses can use it too. Soon after that, it gets included in the common hacking databases. From that point on, anyone can literally point and click their way into your computer.

Although not much can be done for the folks who already had their bad day, the defense community, as a whole, almost always wins that race. As soon as their fastest programmer finds a fix, it can be quickly distributed throughout the world, making the new hacking toys only useful against the stragglers who fell behind the herd. And these days, it's gotten pretty hard to fall behind. The patching process has become invisibly smooth, and most regular computer users never even know that there was a race on.

With hardware vulnerabilities, things could be different. You can't change hardware by sending an invisible string of 1s and 0s through the air. For Meltdown and Spectre, workarounds where changing the software can help block the hardware problem are still being figured out and distributed. These workarounds showed up quickly at first, but the process has been anything but smooth, and proof-of-concept code for exploiting these vulnerabilities has been seen online for more than a month. As for the more recent vulnerabilities, it's not clear yet what workarounds exist, and there might not always be a workaround that creates software solutions to hardware problems.

Though stark, this situation is not entirely unprecedented. Some operating systems are no longer supported by their vendors, which means that any new hole will go un-patched. Most people know by now that using Windows XP is not safe, but don't fully understand how unsafe it is. Today, any computer-savvy high schooler can watch a YouTube video and learn in just a couple hours how to point and click their way to control of someone else's computer on the internet, so long as it is running Windows XP. Even with Windows XP though, when a truly nasty bug comes out, Microsoft can choose to go back and patch it like they did last year for the WannaCry ransomware. With a nasty hardware vulnerability, that may not even be an option.

So what can be done? Hopefully, the hacking community will not become enthralled with searching for hardware vulnerabilities. It is hard and requires rare expertise that is not as easy to come by as software hacking. If we are not so lucky, then defending the herd by responding quickly to the first attack may no longer be a viable approach, but herd immunity comes in many forms. Perhaps it will be from increased diversity of chip designs or perhaps approaches to slow the spread of information from hacker genius to amateur.