Malware, ransomware, spyware, and other forms of cyberthreats are reliant on software as a delivery system. It can be a website, it can be an app that spies on you, or it can be a piece of software you have downloaded or have purchased from a site a friend said “has the best deals.” Software makes for an optimal delivery mechanism as we rely on software to get done what we need to get done on a computer. However, the more we as a society grow accustomed to technology and its fallibilities, the harder it becomes for cybercriminals to catch users off-guard.
This is where cybercriminals think innovatively and start to look at the computer itself.
What seems to be a trend with cybercriminals concerning hardware is looking at the chips in all different makes and models of computers. These new vulnerabilities are, ironically, not that new as the vulnerabilities reside in hardware employed in computers that offer “predictive execution” as a feature. When a computer offers predictive executive, the chips installed “guesses” what your next process will be. Since the predictive execution is correct about 80% of the time, the chips’ ability to perform the predictive execution function improves processing. The improvement has been measured at a 30% improvement in performance. Impressive as that is, the problem is while it is doing predictive execution, your data is vulnerable. For example, what if the next function your chips foresee is a password, or perhaps a credit card or bank account? You can see how this vulnerability could prove quite lucrative for cybercriminals.
Perhaps the easiest solution to this would be to remove the predictive execution feature; but the trouble is that if you stop predictive execution, you slow down the chip. Would you want to give up 30% of your processing power? Me neither. Neither would the majority of the general public. Security is important, sure, but at the expense of a computer’s performance? Let’s not get ridiculous here.
Now patches optimized for various platforms for the recently discovered Spectre and Meltdown vulnerabilities have been deployed. Google has detailed how it managed to address these threats on its cloud services such as Gmail and Search before the public even knew about them. This vulnerability concerning hardware, though, is a double-edged sword. There is a solution on hand, but consumers would not take too kindly to a 30% loss in efficiency.
There is an alternative solution in the works, though, that could solve the issue. Software engineer Paul Turner has created Retpoline, antivirus software that protects the computer from the predictive execution commands without slowing down the machine’s processing speed, sop there is a ray of hope for that. According to Google, this set of hardware vulnerabilities has proven the most challenging and hardest to fix in a decade, requiring changes to many layers of software. This recent vulnerability also demanded broad industry collaboration since the scope of damage was so widespread.
Over time we’re going have to update all our systems at a hardware level, and that’s being rolled out now. So watch for that.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.