Spectre, Meltdown, Zombies, and You: A Primer for the Casual Techie

Spectre.  It’s not a James Bond villain, it’s not a ghost.  It’s for real, guys.  And if you own a computer or a smartphone, it has the potential to be even scarier.  Here’s what you need to know.  Microchips made post-1995 have a security flaw in them that has been found to leak memory, causing every electronic device (including computers and mobile devices) produced since 1995 to be vulnerable.  The vulnerabilities caused by the bugs in the microchips go by two names—Meltdown and Spectre—but they have the same basic issue.  Everyone could potentially be affected by leaky computer brains.  That’s HUGE.

Think of it this way:  the kernel is like your brain—it controls everything else going on in the body on some level.  Everything that the body does, on some level runs through the brain and nervous system, even your heartbeat and your breathing.  On your computer, everything runs through the kernel in order to reach your desired results (like opening your web browser or checking your e-mail).  The newly announced Meltdown and Spectre vulnerabilities that are now being reported are basically a direct threat to the kernel, much like a hole in your skull threatens your brain.

Meltdown, so colorfully named, essentially melts the layers of protection between user applications and your operating system.  In a functioning computer, memory for different applications is segregated to keep them from interfering with one another.  Think of how the brain directs the various systems in your body.  With the Meltdown vulnerability, you may intend to take a deep breath—but since the Meltdown vulnerability melted the layers of separation between systems, messages for your lungs cause you to kick your leg or twitch your finger instead.

Spectre, on the other hand, just pokes a hole between different applications.  In this example, think of your cardiovascular and pulmonary systems—each has an isolated path to the brain.  The brain gives directions for your heart to beat, and your lungs to draw breath.  You don’t want the brain to send heart signals to your lungs, or lung signals to your heart.  Those organs are not intended to do the same thing!  Spectre creates an opening that would allow an attacker to hijack the messages of your computer’s nervous system.

Essentially, both of these vulnerabilities act like a hole in the skull, allowing attackers direct access to the brain and central nervous system.  Once they have direct access to the central nervous system, the attacker can take control and make the body do things against your will.  They can insert a virus or malware and cause all sorts of mayhem within the system.  You have a zombie computer at that point.

At this point, there are no reported exploitations of the Meltdown or Spectre vulnerabilities.  However, something as serious as a hole in your skull should be dealt with immediately to avoid potential zombie-ism.  The most important thing to do in order to protect your system is to make sure that it is patched and updated, much like you would bandage the wound to prevent outside materials from entering the body.  And just because you run one update does not mean you’re done.  Due to the nature of the vulnerability, the wound will remain open, so it is imperative that you keep up maintenance.  Keep your updates current—clicking the “remind me later” button could open you up to a potential problem.  (In our example, you keep the wound clean and keep fresh bandages on it.)  Run your security software (like your anti-virus program) regularly to detect any suspicious activity as soon as possible (basically monitoring for potential infection).  With proper maintenance, you can do your part to stave off the zombie apocalypse!