August 06, 2018

Press

In the early months of this year, public revelation of hardware cybersecurity flaws, Meltdown and Spectre, had the industry scrambling for solutions. In the latest interview with Martin Scott, CTO at Rambus, an American technology licensing company, Semiconductor Engineering discussed what these vulnerabilities would mean for the future of the Cybersecurity industry, and how the growing populace of IoT devices will affect the situations.

Though these exposures are new to the public, Scott says, experts in the field were already cognizant of it. He added this revelation will however, act like a ‘wakeup call’ for the industry, driving more innovation for more comprehensive solutions. Solutions that have become the need of the hour with the growing impact of IoT.

We have seen how novice attacks like Mirai could burgeon to cause catastrophic results in a growing environment of connectivity, and it’s not new information either. Researchers have been warning about more advanced attacks in the IoT sphere more than ever. Now, these undiscovered or rather less known vulnerabilities are multiplying the existing concerns for the coming world, where the surface area for attacks will grow exponentially. As Scotts put it, “It’s almost a bi-modal world, where you have some really sophisticated things, but you’ve also got an increasing attack surface where amateurs can go in and do bad things.”

So it’s not just the data in motion that needs more protective layers. Data at rest, too, needs to become more secure against such and other previous unknown vulnerabilities. Evidently, we need more comprehensive and scalable solutions like Azure Sphere, that are more compatible with current cybersecurity situations.

Large Scale and State Level Attacks

A recent congressman hearing brought new light on how such vulnerabilities further worsens the cybersecurity concerns of Federal Agencies. As Maggie Hassan, the New Hampshire senator said, “It’s really troubling and concerning that many if not all computers used by the government contain a processor vulnerability that could allow hostile nations to steal key data sets and information,” The gravity of the situation worsens as it becomes known that prior to public notification, US government didn’t have a clue about these vulnerabilities. Meaning chances are high that other nations were ahead with this information to exploit it. As Bill Nelson, Florida Senator, informed, “It’s been reported that Intel informed Chinese companies of the Spectre and Meltdown vulnerabilities before notifying the US government. As a result, it’s highly likely that the Chinese government knew about the vulnerabilities.”

The hearing further went on to discuss how this move by Intel of informing Chinese companies before the US government, could have consequential results for the federal agencies that are already dealing with existing cybersecurity concerns. As the report by the Wall Street Journal and Wired pointed out, there is no absolute evidence that a communist-ruled country, has not made any attempts to abuse these vulnerabilities, and this is threatening as China is known for attempting sophisticated state-level attacks all the time.

In any case, the pressure of improved cybersecurity measures is at the all-time high right now, with a major shift hinted at mechanisms for Hardware security as well.

Resources:

https://www.wired.com/story/meltdown-and-spectre-intel-china-disclosure/

https://semiengineering.com/hardware-security-risks-grow/

https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430


Load More