Meltdown and Spectre adding to a rogues' gallery of fundamental flaws in the technology
Two of the biggest stories in cyber security in 2017 were discoveries of critical flaws in the security of two widely used technologies. In September, researchers disclosed BlueBorne, a Bluetooth-based attack vector which makes it possible to steal data from almost any Bluetooth-enabled device. In October came the announcement that the widely used Wi-Fi encryption standard WPA2 had been compromised by a vulnerability appropriately named “Kracked”. And now we have news that there are fundamental flaws in modern microprocessors which affect most computers and smartphones worldwide.
Meltdown and Spectre
Two potential attacks, Meltdown and Spectre, were disclosed by researchers on January 3. They exploit fundamental flaws in a method used by all modern computers to improve performance, and they affect virtually all processors from Intel and some high-performance ARM designs. In effect, this means that the vast majority of computers and smartphones used today are vulnerable. The attacks have the potential to expose highly sensitive data such as passwords and encryption keys.
How they impact mobile devices
Smartphones and tablets running iOS and Android are potentially vulnerable to these attacks. All modern smartphones are based on ARM processor designs. However, some chip vendors such as Qualcomm, and phone manufacturers including Apple, modify these designs for inclusion in their products. While the extent of vulnerability to the two attacks is significantly less than on Intel cores, many ARM designs are vulnerable.
What you need to do
Patches are available for both Android and Apple devices. In early December Apple released iOS update 11.2. They revealed in recent days that this update mitigates the Meltdown attack. On 8 January they released a further update, 11.2.2. This included an update to Safari (which is updated as part of an OS update) to address Spectre – an attack which, as Apple assessed, is most likely to be executed on a mobile device via JavaScript running in a browser.
Android Security updates for December 2017 and January 2018 include patches to protect against Meltdown and Spectre. Unfortunately, these updates only become available for individual phone models when manufacturers make them available in the coming months. In the meantime, the usual advice to end-users is to avoid sideloading apps, not to visit suspicious websites and not to click on links received from unknown sources.
How Corrata helps
Information Security professionals understand that blind faith in the built-in security architecture of any computer system is never warranted. This is one reason why a strategy of layered protections, also known as defense in depth, is appropriate. For enterprises, Corrata Mobile Threat Defense is part of a defense in depth strategy designed to protect against just this kind of vulnerability. Corrata has a range of specific features which provide protection against previously unknown vulnerabilities:
- Real-time identification of unpatched devices
- Blocking of suspicious sites, unauthorised app stores and malicious URLs
- Identification of installed malware
- Logging of device network traffic to enable rapid identification of data exfiltration in the event of a newly discovered vulnerability.
Conclusion
Information Security professionals will continue to be faced with the discovery of fundamental flaws in the technology stack which underpins enterprise operations. In light of this, a proactive stance is essential. Corrata Mobile Threat Defense is an easy-to-deploy, low total cost of ownership, high-reward protection which supports such a stance in the enterprise mobility domain.