A processor vulnerability that affects hundreds of millions of computers has alarmed users all around the world. “Meltdown” and “Spectre” are the names of the two currently known attacks that exploit this security breach. Using one of these attacks, a process can, under certain circumstances, access data without having permission.
Since the vulnerability is in the processor, i.e., in the innermost core of a computer, all programs running on this hardware are affected – including the operating system. In response to Meltdown and Spectre, Microsoft released a security update for Windows on January 3, 2018, which, while not remediating the cause, made it significantly more difficult to exploit the security breach.
Because cryptovision products encrypt data, in many cases they provide significant protection against Meltdown and Spectre. This is because encrypted data is virtually worthless for a party not having the key.
It is important to note that a process being able to access prohibited data can also access cryptographic keys. However cryptovision software is well protected against this threat:
- Unlike, for example, web browsers, virtual machines, or operating systems, cryptovision software does not execute code from outside sources. Invoking prepared code, which is necessary for Meltdown and Spectre, is therefore not possible with cryptovision products.
- Keys that are stored on a smart card (as recommended by cryptovision) are generally unreachable for the processor, even if it has security weaknesses. Anyone using smart cards (or other external key storage, such as security tokens or an HSM) has nothing to fear.