Tech giants were thrust into panic mode this week when nearly two-decade-old vulnerabilities on devices used the world over were found to be perfect leverage for Spectre and Meltdown, two threatening bugs that affect almost every connected device.
Spectre and Meltdown are data exfiltration techniques that take advantage of flaws in nearly every central processing unit (CPU) used in computers and mobile devices today. These aren’t traditional vulnerabilities that can be found in an application like Microsoft Word or Chrome. Rather, these bugs take advantage of flaws in protections around the “kernel” of a CPU’s architecture – the area where raw, unencrypted data passes through extensive – previously assumed impenetrable – defenses to block outside parties from interfering.
Each of these bugs is a technique that works around the protections guarding content passing through the kernel, unveiling sensitive personally identifiable information (PII) like passwords or proprietary information that the computer processes.
Meltdown afflicts Intel processors, targeting the barrier that stops software and applications from accessing unrelated information within the kernel – such as passwords for other apps. Meltdown makes these barriers unreliable, allowing unrelated applications to interfere and interact with data collected by other programs on the device.
While Meltdown primarily concerns desktop and laptop computers, Spectre goes a step further, affecting Intel, AMD, and ARM processors. Spectre is also a bit sneakier – rather than weakening the barrier to the kernel, like Meltdown, Spectre tricks applications into sharing collected data with each other, opening major doors for data theft when malicious actors access the CPU.
This is particularly concerning for servers that facilitate multi-tenant cloud environments. Should Spectre or Meltdown infiltrate the defenses of a shared cloud’s kernel, all tenants are exposed to potential breaches that could compromise business-critical data.
The first thing users need to do is ensure their systems are updated with the latest patches from Microsoft, Amazon, Google and other cloud providers.
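One way to verify the patch status described above on a Linux host, as an added example that is not part of the original post: it reads the kernel's per-issue status files under `/sys/devices/system/cpu/vulnerabilities` and lists anything not confirmed mitigated. The function names and the sample values are assumptions constructed for illustration.

```python
"""Report Linux kernel mitigation status for Meltdown and Spectre (added example)."""
from pathlib import Path

# Patched Linux kernels expose one status file per issue in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map the kernel's one-line status string to a coarse verdict."""
    if status is None:
        return "unknown"  # file absent: kernel lacks the reporting interface
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(base=SYSFS_DIR):
    """Return {issue: raw status line, or None if the file is missing}."""
    result = {}
    for name in ISSUES:
        try:
            result[name] = (Path(base) / name).read_text().strip()
        except OSError:
            result[name] = None
    return result


def needs_patching(statuses):
    """List the issues that are not confirmed mitigated or not affected."""
    return [name for name, raw in statuses.items()
            if classify(raw) in ("vulnerable", "unknown")]


# Constructed sample values, used only when the sysfs directory is absent.
SAMPLE = {"meltdown": "Mitigation: PTI", "spectre_v1": "Vulnerable", "spectre_v2": None}

if __name__ == "__main__":
    statuses = read_status() if SYSFS_DIR.is_dir() else SAMPLE
    for name, raw in statuses.items():
        print(f"{name:12} {classify(raw):13} {raw or 'no status file'}")
    print("needs attention:", ", ".join(needs_patching(statuses)) or "none")
```

An "unknown" verdict is treated as needing attention because a missing status file usually means the running kernel predates the fixes.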
iboss has confirmed our systems and cloud capacity are not vulnerable to Meltdown or Spectre. In addition, because the Distributed Gateway Platform leverages a non-shared cloud infrastructure, our customers are not faced with the risks (like Meltdown and Spectre) associated with multi-tenant or shared infrastructures. iboss’ unique architecture provides the option for both non-shared virtualized and non-virtualized nodes for heavily regulated industries. Both of these options provide unparalleled protection without sacrificing control of user data.
To learn more about the benefits of non-shared cloud environments, read our whitepaper “Control Your Cloud: The Pitfalls of Shared Cloud Strategies.”
Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform. Prior to founding iboss, Paul developed a wide variety of complex security and technology solutions for clients such as Phogenix, the U.S. Navy, and Hewlett Packard. He was also a key contributor at Copper Mountain Networks working on designing and implementing FPGAs and broadband network infrastructure used by Telcos to build the cloud. His work at Science Applications International Corporation (SAIC) involved building distributed real-time systems for companies such as Rolls Royce. Copper Mountain and SAIC both launched successful IPOs. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The Year award and being named one of Goldman Sachs’ 100 Most Intriguing Entrepreneurs. He holds a Computer Science Degree from the University of California, and has had his work published in many scientific journals, including the Journal of Foundations in Computer Science and the Journal of Analytical Biochemistry.