Business 11 months agoVince Dioquino
Meltdown & Spectre: What you need to know as a crypto user
In a responsible disclosure posted Wednesday, security researchers from Google’s Project Zero working on the recently revealed Meltdown & Spectre attacks have issued warnings to all users from different industries who are using Intel, AMD & ARM processors. The highlighted threats reveal possible ways in which hackers may access privileged data in any device running processors from these manufacturers.
MELTDOWN & SPECWHAT?!
Modern processors, or at least those built from 1995 onward perform “speculative execution,” a process in which they anticipate a layer of instructions based on a previous memory of related commands stored in the kernel level. Processors do this to maximize performance by avoiding repetition and execute the instructions before they are verified as necessary.
Essentially, the processors are doing guesswork over what should happen to data. If they get it right the first time, there’s no problem. If the processors make a wrong guess, the results are thrown out and they go back to executing the correct set.
The Meltdown & Spectre exploits may be initiated from remote or physical instances, compromising a computer’s memory architecture to access previously protected areas, while also decoding and reading privileged data without permission. This access to sensitive data embedded into a computer’s security provides leverage to a potential hacker, who may use the info extracted for financial gain, as is the case with recent hackings in the crypto sphere.
WHAT TO DO THEN?
What does this mean for people who use cryptocurrencies?
While alarming at first glance, these vulnerabilities can be mitigated by ensuring that best practices in crypto security are implemented (in this case, #6 is most important). Short and simple: all access to user wallets should be provided with industry-standard authentication protocols, and private keys should remain private, or even stored mnemonically, where possible (here’s a tool you may use if you’re using weak passwords/keys).
While the vulnerabilities have been identified as early as June last year, the researchers had to gather enough data to properly execute the disclosures to the major processor and chip manufacturing companies involved (here are links to the initial responses from Intel, AMD, and ARM) without raising the alarm and inordinately informing hackers looking to exploit it for malicious purposes. Apple and Microsoft, who both make use these chips for their devices, have also responded with official statements.
Prior to the leakage of discrete info on the matter, a coordinated release of security patches was scheduled by the security researchers for January 9, 2018. However, as a report by The Verge notes, the patches are estimated to impact on the processors, with a range of between 5 to 30% decrease in overall performance for affected devices. This led end users to ponder whether the updates were worth it. Recent benchmarks of devices updated with the security patches show that a category average of 17% in performance decrease may be seen across devices and platforms once patches are installed and systems are updated.
Major tech firms, as well as blockchain-based and cryptocurrency businesses like mainstream exchanges, have been scrambling for the past days to find adequate patches to curb the critical flaws which affect processors constructed with proprietary architecture. Cloud-based services and execution platforms will suffer the most, though. Because of the lucrative prospect that Amazon Web Services, Google Cloud, IBM, and Microsoft Azure represent with their suite of enterprise platforms, hackers looking to exploit Spectre, specifically, will be tempted to glance at crypto wallets provided by exchanges, as well as vulnerabilities in devices connecting to hardware wallets.
Steps to mitigate the vulnerabilities have been a primary cause of concern for the tech world in general for the past few days, especially leading to tensions in the issue of net neutrality, with the cryptocurrency industry joining the fight.
CERT, an arm of the U.S. Department of Homeland Security, issued these official descriptions of the side-channel attacks and how they work, advising users across different platforms to update their systems accordingly. In a recent report, however, Microsoft has paused its updates after reports of bricked devices.
For the technically inclined, a summarized description of how these exploits work can be found in this informative Twitter thread by user @gsuberland, an independent security researcher. You may also search through this repository of CPU security bugs caused by speculative execution.
Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.
Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Satoshi Vision (BSV) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BSV is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.
Business 4 hours ago
Swiss executive government wants laws more suited to blockchain
The Swiss Federal Council believes that the country’s laws could be better adapted for integrating blockchain. In its report, ‘Legal basis for distributed ledger technology and blockchain in Switzerland,’ the council said that the existing ...
Business 5 hours ago
2 crypto investment projects face 90-day suspension in Italy
For precautionary reasons, Italian securities regulator Commissione Nazionale per le Società e la Borsa (CONSOB) has suspended two projects that were reportedly offering fraudulent crypto investment schemes in the country. Effective Dec. 12, Bitsurge Token ...
Business 13 hours ago
France: AMF blocks four more crypto firms
The Autorité des marchés financiers (AMF), the financial authority in France, warned the public against unauthorized investment offerings in the country. According to the announcement, the financial authority stated that they had blacklisted four more ...