Mobile mitigations for Meltdown and Spectre: A guide
Meltdown and Spectre are two critical vulnerabilities recently identified in modern processors. These vulnerabilities can allow unprivileged users to access memory belonging to other processes, including the kernel.
Much of the initial coverage of these vulnerabilities centred on desktop, server, and cloud systems, but they affect mobile devices as well. Apple, Google, Linux distributions, and Microsoft are now releasing patches to mitigate these issues.
How the exploits work
Meltdown and Spectre are hardware vulnerabilities that allow a malicious process to gain unauthorized access to memory. Meltdown enables attackers to read the sensitive data of other processes or virtual machines. Spectre allows an attacker to induce a process to reveal data stored in its own memory.
Because both are hardware vulnerabilities, they can be exploited across operating systems, unless the operating system has taken specific steps to prevent them.
Modern processors operate much faster than system memory (RAM), so they use a technique called ‘speculative execution’ to avoid waiting on RAM. Essentially, a processor guesses the outcome of a calculation (for example, which way a conditional branch will go) and proceeds as though that guess is correct until the actual outcome is available. When the actual calculation is finished, the processor checks whether its guess was correct. If not, it throws away the temporary work and continues with the correct outcome.
And this is the critical bit: during speculative execution, all work is kept in a temporary space that is not supposed to be visible to programs running on the system. However, the discarded work leaves measurable traces (in the processor cache, for instance), and both Meltdown and Spectre let an attacker use those traces to identify which data the processor examined during speculative execution. Then, through a series of careful manipulations, an attacker can recover the contents of memory.
Risk mitigation for mobile devices
Meltdown and Spectre, like WannaCry several months ago, reinforce the importance of keeping your software up to date. With WannaCry, proactive patching would have mitigated the risk for most companies. With Meltdown and Spectre, IT administrators should be ready to update their software as soon as possible once patches, many of which are now available, are released by the developer of the operating system.
Patch early, patch often
To avert similar widespread damage, IT administrators should be ready to update their software as soon as the patches are available, and should not take the view that ‘it won’t happen to me’, because it does and it will.
In fact, with this in mind, it is important to patch early and patch often so as not to leave systems exposed. Most operating system vendors have already pushed out patches for the Meltdown flaw, while Apple’s Safari and Google’s Chrome have both been updated to mitigate many of the effects of Spectre.
Tiered device compliance
IT administrators should be leveraging their enterprise mobility management (EMM) solutions to identify vulnerable devices. An important component of EMM is tiered compliance, which helps IT administrators mitigate the risk of the Meltdown and Spectre flaws.
Using this capability, administrators can push out notifications to users to update their device to the desired operating system version. If the user doesn’t do this, an administrator can either wipe company data from the device or block access to company servers. This protects data from being compromised before a device is patched.
Blocking malicious apps
Similarly, malicious apps need to be guarded against. Hackers are by definition a cunning breed, and malware-loaded apps designed to exploit the Meltdown and Spectre processor flaws may already be on the drawing board. An EMM solution can be configured to disable untrusted app stores, a path that many malicious apps take. If you’re running an app reputation service, then you can also identify and blacklist ‘dodgy’ apps.
Reducing password and data exposure
Finally, it’s important to note that these processor vulnerabilities can also be used to steal data, including passwords. Ensure that unmanaged or unpatched devices can’t access back-end services. This reduces exposure from compromised credentials by validating that the devices and apps accessing your infrastructure are secure, managed, and authorized.
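As an added illustration (not code from the original article or from any EMM product), the following Python policy implements the tiered compliance described above and the back-end gating just mentioned: a device is allowed, told to update while a grace period runs, or blocked. The version thresholds, grace period, inventory and dates are constructed placeholders; an administrator would take the real minimum builds from the OS vendor's advisory.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Minimum patched builds per platform. Assumed placeholder thresholds, not
# values from the article: take the real ones from the vendor's advisory.
MIN_IOS_VERSION = (11, 2, 2)
MIN_ANDROID_PATCH_LEVEL = date(2018, 1, 5)
GRACE_PERIOD = timedelta(days=7)   # assumed: days a user gets to update before access is blocked

@dataclass
class Device:
    device_id: str
    platform: str                      # "ios" or "android"
    os_version: str                    # e.g. "11.2.1"
    patch_level: Optional[date]        # Android security patch level; None on iOS
    managed: bool                      # enrolled in the EMM?
    first_noncompliant: Optional[date] # when the EMM first flagged the device

def parse_version(text: str) -> tuple:
    # "11.2.1" -> (11, 2, 1); tuples compare element by element, so "11.2" < (11, 2, 2)
    return tuple(int(part) for part in text.split("."))

def is_patched(dev: Device) -> bool:
    if dev.platform == "ios":
        return parse_version(dev.os_version) >= MIN_IOS_VERSION
    if dev.platform == "android":
        return dev.patch_level is not None and dev.patch_level >= MIN_ANDROID_PATCH_LEVEL
    return False   # unknown platform: treat as unpatched

def compliance_tier(dev: Device, today: date) -> str:
    """Map a device to the tiered action: allow, notify (grace period running), or block."""
    if not dev.managed:
        return "block"   # unmanaged devices never reach back-end services
    if is_patched(dev):
        return "allow"
    if dev.first_noncompliant is None or today - dev.first_noncompliant < GRACE_PERIOD:
        return "notify"  # push an update notification, keep access for now
    return "block"       # grace period exhausted: block back-end access (or wipe company data)

TODAY = date(2018, 1, 20)   # constructed reference date
INVENTORY = [               # constructed sample inventory
    Device("ios-01", "ios", "11.2.2", None, True, None),
    Device("ios-02", "ios", "11.2.1", None, True, date(2018, 1, 18)),
    Device("and-01", "android", "8.0", date(2018, 1, 5), True, None),
    Device("and-02", "android", "7.1", date(2017, 12, 1), True, date(2018, 1, 8)),
    Device("and-03", "android", "8.1", date(2018, 1, 5), False, None),
]

def evaluate(inventory, today=TODAY) -> dict:
    return {d.device_id: compliance_tier(d, today) for d in inventory}
```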
Meltdown and Spectre are serious threats and have quite rightly generated panic across enterprises, chip vendors, and operating system providers.
Could better security-by-design principles and processes have prevented these vulnerabilities? Maybe. The only certain prediction is that there will continue to be unexpected vulnerabilities and exploits for as long as there are processors, software, and computers to attack. This is why the best defence is always a proactive approach to security – keep systems up to date and be prepared to quickly take mitigating actions when threats do appear. An enterprise mobility management (EMM) system is foundational to this defence.