He wasn’t looking for fame. Instead, 22-year-old German Jann Horn just wanted to make sure his computer could handle a new number-crunching code he had created.
What he unintentionally discovered was one of the worst chip flaws in history, which affects billions of products around the world – from baby monitors to iPads.
So how does it work?
In short, he found that data stored in a device’s memory can be hacked.
Computers use a process called speculative execution. In it, a processor tries to guess what part of a code (information) will be needed and begins to perform the steps to pull that information ahead of time. It works to speed up this process by pulling information from your data cache so that, for example, you don’t have to enter a password every time you open your Gmail account.
Hardware vulnerabilities allow hacking programs to steal information processed on a computer by exploiting a user’s data cache. For those of you who don’t speak computerese, a data cache is basically a digital storage unit filled with every file, image, script, browser history, email, message, and any other media you have accessed at one point or another.
Horn said he found that if the processor guessed incorrectly, the wrong data would still be stored in the chip’s memory, potentially exposing that information to a clever hacker.
The flaw affects most processors manufactured by Intel since 1995 and can be exposed by two hacks that were made public on January 1. Meltdown allows a program to access a device’s memory and steal information from the program and operating system. Spectre tricks an error-free program into leaking information. Most of the processors are used in Apple products.
The discovery is making the industry rethink its designs.
It all started last April when Horn picked up some not-so-light reading – Intel Corp processor manuals that are thousands of pages long.
Not exactly the kind of books you find on a coffee table.
The Zurich-based Google researcher is part of Project Zero, an elite group of cybersleuths who hunt for unintended design flaws that make systems especially hackable.
Horn wasn’t the only person to discover the flaw, but what’s impressive is that he worked alone. After making his discovery, he compared notes with other research teams, who encouraged him to contact the manufacturers.
Researchers reported the flaw to Intel, ARM Holdings Plc., and Advanced Micro Devices Inc. on June 1. It wasn't until last week that the companies made it public.