2 min Security

“Spectre vulnerabilities require more than just software fixes.

“Spectre vulnerabilities require more than just software fixes.

The Spectre vulnerability continues to cause problems. Since it was found last year, many companies have released software patches to solve the problems. But it seems that software alone is not enough to provide a definitive solution.

That’s what Google researchers say in a paper they published today. The researchers demonstrate in the paper that the Spectre vulnerability that is present in many processors cannot be completely solved with software-based fixes. Until now, experts thought this was the case.

Bypassing Fixes

Just over a year ago, the Meltdown and Spectre vulnerabilities were discovered. Spectre is a hardware vulnerability that affects processors. Hackers can steal data from the CPU’s memory using specific malware. Many manufacturers released software patches in the hope of solving the problems. At the same time, Intel promised to release some hardware upgrades for new processors.

Although software-based solutions have been implemented, the researchers have managed to develop a program that bypasses these patches. That program can read anything in the same memory address. This means that the current solutions for Spectre are also inadequate and that not all problems have been definitively resolved. In their paper, the researchers write that the only real solution is to redesign the architecture of microprocessors. Until then, Spectre will “haunt us for a long time to come”.

Performance first

According to Google researchers, only one goal has been central to the development of computer systems in recent years: to improve performance. As a result, systems have become faster and more powerful. But that also made them more complex, partly because of the many ways we have to develop abstractions. That was a wrong choice, the researchers think.

We have exchanged security for performance and complexity and have not been aware of this all along. For this reason, the researchers argue in favour of a review of the architecture of microchips. The fear is that bugs such as Spectre will continue to occur in the future, unless manufacturers make specific changes to the way in which chips handle memory.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.