{"id":5462,"date":"2018-02-02T18:09:33","date_gmt":"2018-02-02T22:09:33","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5462"},"modified":"2020-06-04T20:52:34","modified_gmt":"2020-06-04T20:52:34","slug":"digital-security-meltdown","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/digital-security-meltdown\/","title":{"rendered":"Digital Security Meltdown"},"content":{"rendered":"

Computers have entrenched themselves in American life. The United States Census Bureau confirmed this assumption<\/a> in 2015 when it found that 78% of American households own a laptop or desktop computer. Americans also carry around portable computers every day<\/a> in the form of either a smart phone, tablet, or other handheld wireless devices. Constantly having an internet connection makes accessing and sending information extremely easy, but it also raises digital privacy concerns<\/a>. Americans can create passwords, encrypt files, and surf the internet with an anonymous browser like Tor<\/a>, but digital information will never be absolutely secure.
\nLast year, digital security researchers at Google and various universities discovered two central processing unit bugs<\/a> that could compromise sensitive data in a massive number of computers. Intel and other manufacturers released the information to the public just this month.<\/a> The bugs, referred to as \u201cMeltdown\u201d and \u201cSpectre,\u201d affect \u201cvirtually every modern computer,\u201d<\/a> including smartphones, tablets, and personal computers. No operating systems are safe either. Both bugs are present in<\/a> various Intel processing units and the Spectre bug also affects processors made by AMD and Arm Holdings. Daniel Gruss, one of the researchers that discovered the flaw, called it \u201cprobably one of the worst CPU bugs ever found.\u201d<\/a> A small amount of Intel\u2019s modern processors, including Itanium and Atom versions produced prior to 2013, are Meltdown-free<\/a>. Unfortunately, Meltdown still affects almost all other Intel processors and Spectre affects most modern processors designed by major manufacturers.
\nMeltdown \u201cbreak[s] through the barrier that prevents applications from accessing arbitrary locations in kernel memory.\u201d<\/a> A \u201ckernel\u201d<\/a> is a program that \u201cconstitutes the central core of a computer operating system.\u201d Essentially, the kernel program allows an operating system to startup run a variety of operations and programs at one time. Additionally, kernels separate computer memory spaces from one another to stop applications from accidentally interfering with one another and to prevent \u201cmalicious software\u201d from modifying existing memory.<\/a> By breaking the kernel barrier, Meltdown allows malicious software circumvent a fundamental digital security mechanism and modify all of a computer\u2019s programs<\/a>. Luckily for all American computer owners, Meltdown can be fixed with a patch<\/a> that strengthens kernel security. However, the fix comes at the steep price of anywhere from 5 to 30% of the Intel processor\u2019s performance.<\/a>
\nSpectre works differently than Meltdown does. Put succinctly, Spectre \u201ctricks applications into accidentally disclosing information that would normally be inaccessible.\u201d<\/a> Meltdown is easier to exploit than Spectre, but since tricking applications is an \u201cestablished practice in multiple chip architectures,\u201d the latter will be tougher to fix.<\/a> Even though Microsoft has released an update for Windows aimed at curbing Spectre and Arm Holdings has released a mitigation guide for the bug, there is currently no way to completely eliminate the issue.<\/a> Completely squashing Spectre would require processing unit manufacturers to totally redesign the architecture of their products.<\/a> For now, users concerned about Spectre can only download updates, follow mitigation instructions, and hope that those procedures work.
\nIn response to the discovery and publication of these two bugs, consumers have filed class-action lawsuits against Intel<\/a> in three states: California, Indiana, and Oregon. Chris Cantrell, an attorney at San Diego mass tort firm Doyle APC, \u201cfully expect[s] there to be additional filings\u201d on top of first three. The existing filings base their claims<\/a> on the \u201csecurity vulnerability and Intel\u2019s delay in public disclosure from when it was first notified by researchers of the flaws in June.\u201d Bill Doyle, also of Doyle APC and the lead attorney representing the plaintiffs from California, even stated that<\/p>\n

\u201cthis may be one of the largest security flaws ever facing the American public.\u201d<\/a><\/p><\/blockquote>\n

Media outlets are even speculating that \u201cbig cloud service providers,\u201d like Amazon and Microsoft, will seek \u201csome form of compensation\u201d<\/a> from CPU designers like Intel. Litigation surrounding Meltdown and Spectre is only beginning, but it is clear that there is more legal trouble on the horizon for Intel and other CPU designers.<\/p>\n","protected":false},"excerpt":{"rendered":"

Computers have entrenched themselves in American life. The United States Census Bureau confirmed this assumption in 2015 when it found that 78% of American households own a laptop or desktop computer. Americans also carry around portable computers every day in the form of either a smart phone, tablet, or other handheld wireless devices. Constantly having …<\/a><\/p>\n","protected":false},"author":1,"featured_media":5463,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5462"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5462"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5462\/revisions"}],"predecessor-version":[{"id":6990,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5462\/revisions\/6990"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5463"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}