The discovery of the Meltdown and Spectre exploits earlier this week sent the tech industry into a tizzy, scrambling to patch and hotfix the problem as quickly as possible.
Michael Schwarz (L), Moritz Lipp (C) and Daniel Gruss (R) from TU Graz.
The flaw responsible for the two exploits is a huge problem, not just because it leaves machines vulnerable to hacking, but because it affects every single device manufactured in the last 20 years. And it’s only because of the efforts of a few researchers that we even know it exists.
One of those researchers is Daniel Gruss, a 31-year-old information security specialist from Austria’s Graz Technical University. Gruss discovered the flaw when he was attempting to hack into his own computer in early December, and succeeded in accessing his CPU’s virtual memory. Until then, Gruss and his colleagues Moritz Lipp and Michael Schwarz had only theorised attacks on a processor’s ‘kernel’ memory, which is supposed to remain private from both users and other programs.
“When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked,” Gruss told Reuters in an email interview.
He and his teammates were independently researching the method from their own homes at the time, and he contacted them immediately to share his find. “We sat for hours in disbelief until we eliminated any possibility that this result was wrong.”
They had found what’s now considered to be one of the worst PC bugs ever found. Even worse, it’s a silicon-level problem, which means patches from Microsoft, Google and others are only a surface-level fix for Meltdown. Spectre, on the other hand, is a more complex exploit to use, as well as to fix. Eventually, it might require an entire redesign of current-day processors.