Remember the Spectre software security hole? There’s some bad news, according to NewScientist:
A critical security flaw affecting computers the world over is here to stay, and there isn’t any software that can properly safeguard against it. That is the conclusion of engineers trying to fix a vulnerability in processing chips known as Spectre – and it is leading to a rethink of the way that computers are designed.
The exact nature of the vulnerability isn’t disclosed, but here’s a hint:
Spectre takes advantage of a feature of computer chips known as speculative execution. To speed up processing, chips make guesses about future calculations, which are then discarded if incorrect.
We still don’t know exactly what information can and can’t be stolen, so while software fixes have seemed to work well so far, it is impossible to know whether they are actually effective, says Paul Kocher, a cybersecurity researcher who initially helped find Spectre.
Possibly the discard of the result of a calculation. But then you’d expect it’d be fixable in hardware. The report makes it sound like it’s a fundamental vulnerability, though. I’m a little too busy to dig into the technical literature.
Perhaps future chips will come with an option for using the vulnerable optimization. Nothing like confusing end users just a little bit more. Or perhaps the vulnerability can be monitored for utilization, and if a maleficent actor seems to be using it, the optimization is turned off, and the operating system notified.