A Democratic lawmaker on Tuesday asked major microchip makers whose products are affected by the Spectre and Meltdown vulnerabilities to provide a briefing on the newly discovered cybersecurity flaws.
Congressman Jerry McNerney’s (CA-09) letter follows recent reports that computer chips made and designed by these companies are susceptible to the Spectre and Meltdown vulnerabilities, which can be used by nefarious actors to steal users’ personal information.
“I am looking to better understand the nature of these critical vulnerabilities, the danger they pose to consumers, and what steps your companies plan to take to protect consumers,” McNerney wrote in the letter.
“The Spectre and Meltdown vulnerabilities are glaring warning signs that we must take cybersecurity more seriously. In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history. The warning signs keep piling on, yet cybersecurity practices continue to lag far behind,” stated McNerney.
The recently announced Meltdown bug is a serious vulnerability in Intel CPUs that allows malicious programs to indirectly read information held within the kernel of the operating system via a cache-timing side channel attack.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.