It was only a matter of time of course before malware would begin attempting exploitation of the Meltdown and Specter vulnerabilities across billions of computing platforms worldwide.
A few considerations when examining the scope of the issue:
- This affects most Intel CPUs released over the past two decades and some ARM and ADM CPUs.
To date, Intel has been unsuccessful in patching Meltdown and Specter without incurring performance, stability and accompanying data loss issues.
- The sheer volume of affected mobile, PC, server, IoT, and appliance-based platforms is beyond counting.
Assuming that successful “Meltdown/Specter” malware will eventually hit the wild what are the consequences?
The number of mobile and consumer grade devices will be in use for many years to come that will never see an update from the manufacturer, and will be exploitable, is staggering.
Consider all the mission critical network appliances and IoT devices that will...
Never see a patch and become exploitable because the vendor is unable to successfully patch or simple doesn’t exist anymore.
Successful patches applied to effected appliances will almost certainly degrade appliance performance. Many appliances won’t be functional or usable under that degree of performance degradation. It might be economical to live with the risk of exploitation until the next budget cycle.
IT administrators with already strained server-based infrastructure that needs to last a few more years, may be hard pressed to choose between accepting vulnerable server-based infrastructure that needs to last a few more years or securing that same infrastructure and taking the performance hit with all that it implies from a workflow and possible revenue impacting perspective.
So far, there are no good choices available other than carefully considered cyber security consultancy that strike the balance between two seemingly bad options.
To read more please see the following resource: