In our current age of interconnectivity, an ever-growing supernet, also known as the Internet of Things (IoT), makes it abundantly clear that devices are more vulnerable to attack than ever. Hackers are becoming increasingly savvy, circumventing software-level protection by attacking the hardware components that software runs on. HARDWARE VULNERABILITY, therefore, refers to one or more exploitable weaknesses in consumer products, now known or later identified.
The approach of identifying and targeting a hardware vulnerability assures that regardless of what happens at the upper levels of input/output (I/O) interaction, an attacker will always have a way of intercepting the workflow and operation of modern technology. In fact, attacks at the operating system level and below are often considered to be the most dangerous and can disrupt the entire operation of a computing device.
Meltdown, Spectre and SwapGS
As with anything targeted, attackers who exploit hardware usually rely on a “go-to” set of strategies to increase their rate of success. These are usually based on common weaknesses, but can be adapted to any predilection that works in the attacker’s favor. The most prominent of these exploits came to light in early 2018 with the surfacing of the Meltdown and Spectre hacks. Both exploited weaknesses in central processing unit (CPU) chips.
Meltdown, a cross-device hack, made it possible for hackers to bridge the isolation between applications and operating systems. This means they were able to steal any information processed at the circuit level of a device, regardless of its manufacturer or operating system. Meltdown impacted a large share of devices, and every piece of information stored on targeted machines became fair game.
Spectre was also known for taking advantage of such mechanisms, namely those which prevented the sharing of memory between end-user programs. It targeted sandboxing features in modern devices, as well as the speculative execution of modern processors. The latter is where the vulnerability gets its name: although speculative execution was originally an optimizing technique for improving a device’s performance, it was soon discovered to be a security vulnerability and classified as such.
The consensus among experts is that Spectre is much harder to implement and mitigate than Meltdown. SwapGS, which is closely related to the first iteration of Spectre (and by far the worst known hardware hack to date), had no mitigation until mid-2019. The takeaway, however, is that hardware vulnerabilities in consumer products undermine durability—even in the face of software-based protection. If a durable good is qualified by its minimum life span of three (3) years, but users of smartphones swap out their devices every year or so, a hardware vulnerability, if left unaddressed, could very well become grounds for changing this classification.
Mitigating a Hardware Vulnerability
Many vulnerabilities and unexpected flaws are baked into the actual design of said products. Given an attacker’s willingness to target the lower levels of modern computing devices, some can only be mitigated by redesigning the way hardware components function. This means that beyond limiting access to our devices, there is nothing more an end user can do.
Contrary to popular opinion, Internet-capable devices do not have to be connected all the time. This is a particularly useful point when managing systems with significant amounts of sensitive information. Coupled with the avoidance of the Internet’s most questionable parts, your device should remain nearly inaccessible to would-be assailants. Finally, using genuine software and keeping it up to date is also helpful. Coordinated patching (which helped to mitigate the Meltdown vulnerability) isn’t available for pirated operating systems, so always make sure you’re on the right side of Internet law.
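One practical way to confirm that the coordinated patches mentioned above have actually reached a machine is to ask the operating system which mitigations it is applying. The following script is an added example, not code from the original article: it assumes a Linux host, where the kernel exposes one status file per known CPU vulnerability under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2, and others), each containing a line such as "Not affected", "Vulnerable" or "Mitigation: PTI"; the spectre_v1 line also reports whether the SwapGS barriers are in place. The SAMPLE_STATUS values are constructed so the script runs offline on a host without that directory.

```python
"""Audit which CPU-vulnerability mitigations the running Linux kernel reports.

Added example (not from the article). Assumes the Linux sysfs interface
/sys/devices/system/cpu/vulnerabilities/<name>, one status line per file.
Falls back to constructed sample data when that directory is not present.
"""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample contents (not captured from a real host), used when the
# sysfs directory is absent so the example runs offline.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Not affected",
}


def classify(status: str) -> str:
    """Map a kernel status line to: mitigated, not_affected, vulnerable or unknown."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):   # also covers "Vulnerable: <detail>" forms
        return "vulnerable"
    return "unknown"


def read_sysfs(vuln_dir=VULN_DIR) -> dict:
    """Return {name: status_line} from the sysfs directory, or {} if it is missing."""
    vuln_dir = Path(vuln_dir)
    if not vuln_dir.is_dir():
        return {}
    result = {}
    for entry in sorted(vuln_dir.iterdir()):
        try:
            result[entry.name] = entry.read_text().strip()
        except OSError:
            continue  # unreadable entry: skip it rather than abort the audit
    return result


def audit(status_map: dict) -> dict:
    """Group vulnerability names by classification; 'vulnerable' is the action list."""
    report = {"mitigated": [], "not_affected": [], "vulnerable": [], "unknown": []}
    for name, status in status_map.items():
        report[classify(status)].append(name)
    return report


def swapgs_barriers_present(status_map: dict) -> bool:
    """True if the spectre_v1 status mentions swapgs barriers (the SwapGS mitigation)."""
    return "swapgs" in status_map.get("spectre_v1", "").lower()


if __name__ == "__main__":
    live = read_sysfs()
    statuses = live or SAMPLE_STATUS
    print("Source:", "live sysfs" if live else "constructed sample")
    for name, status in statuses.items():
        print(f"  {name:<14} {classify(status):<13} {status}")
    print("SwapGS barriers present:", swapgs_barriers_present(statuses))
    unmitigated = audit(statuses)["vulnerable"]
    if unmitigated:
        print("Still vulnerable, patch or reconfigure:", ", ".join(unmitigated))
```

Run it as root or as an ordinary user; the sysfs files are world-readable. A "Vulnerable" entry on a machine that has been patched usually means the kernel is current but the mitigation was disabled at boot or the firmware microcode is missing, which is the kind of gap the article's advice about genuine, up-to-date software is meant to close.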