Secure enclaves and root of trust are not enough. Hardware vulnerabilities affect the security of automotive, medical, and IoT systems.
eetimes.com, Jun. 06, 2019 –
In January 2018, computer security researchers disclosed two critical processor vulnerabilities that malicious programs could exploit to leak secure data: Meltdown and Spectre.
The engineering community and the public at large are accustomed to software vulnerabilities requiring frequent app updates or installation of operating system patches. These were different – hardware was the culprit, and hardware is not cheap to update.
The only practical approach is to release new software that, at the cost of making the system slower and less energy efficient, masks vulnerable hardware functions or avoids their use. Meltdown and Spectre sparked a series of investigations into hardware security.
Researchers already unveiled numerous more vulnerabilities, including Foreshadow, ZombieLoad, RIDL, and Fallout. These hardware flaws compromise the security of personal computers, smartphones, and even the cloud.
Click here to read more...