Meltdown and Spectre – How to Handle the Phishing Scam and Other Problems

The most talked about hardware issue in the news right now is the “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) exploits. Nearly all the computers around the world are affected by one or both bugs. All the big-name software and hardware vendors such as Microsoft, Apple, and Google have been hard at work crafting a fix for this potentially damaging issue. Some patches are available while others are on the way.

Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory. Spectre steals data from the memory of other applications running on a machine. Meltdown is said to be limited to Intel, but Spectre has been exploited on ARM and AMD as well.

While programs typically aren’t permitted to read data from other programs, malicious programs could exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, which include your passwords stored in a password manager or your browser, personal photos, emails, instant messages and even business-critical documents.

Meltdown breaks down the most basic of walls between user apps and the operating system. It allows a program to access the memory of other programs and take its secrets. Spectre breaks the isolation between apps, allowing hackers to unexploited apps into leaking information.

What Happens to Your Data

When modern Intel processors execute code, the code reaches a pre-programmed point in the algorithm. Instructions branch out into two different directions, saving time by “speculatively” venturing down these forks. So, in other words, they take a guess and execute instructions to get a head start. If the processor learns that it went down the wrong path, it jumps back to the fork in the road and throws out the speculative work.

A hacker could trick a processor into letting their unprivileged code sneak into the kernel’s memory by using speculative execution. When the processor throws out the temporary data, it jumps back to the fork. Making data retrieval difficult. It does temporarily store this information in the computer’s cache. With some clever code and patience, a hacker could easily find and steal the data in the cache, giving them access to personal information, passwords, and more.

While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Now What?

As an MSP or IT Services firm, how do you handle the inevitable influx of customers calling with concerns that their systems may be vulnerable? Techies like us understand how this works and how to avoid falling prey to a scammer looking to exploit this vulnerability. But what about the average business owner? Some things to keep in mind are:

• First, vendors like Microsoft and Google are already rolling out patches for these exploits. Some antivirus software isn’t compatible with the new patch and could become an issue for some. Also, remember that antivirus doesn’t protect against this vulnerability.
• Second, customers may notice that some services are running slower than usual. It may not be the sign of a bigger problem. It could be a side effect of the provider is taking steps to fix the problem. There have already been reports that cloud services may experience some slowdown to mitigate the issue. While it’s still too early to know exactly how significant the slowdown will be, some researchers are saying it could be as high as 30%.
• Third, be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.
• Fourth, Spectre has been identified to affect ARM, AMD, and Apple chips, found inside the set-it-and-forget-it Internet of Things devices like iPads and smartphones, and where the Spectre issue might linger the longest.
• Fifth, the information we have points to a human problem. Last summer the bugs came to light, but the news was broken suddenly this month when Google determined that someone may have been leaking the information. Which happened before patches were ready, so now manufacturers are scrambling to get the fix out.

Because the affected system needs malware running to use the exploit, there is still time to retrain customers on proper cybersecurity and training on how to spot phishing scams. This issue of Meltdown and Spectre potentially will be around for a while.