Spectre and Meltdown Malware Droppers

Posted on 2018-03-02 by: Axel Kloth

Spectre and Meltdown, including their underlying causes and vulnerabilities, have been published. Intel, ARM and AMD have been busy trying to patch these vulnerabilities. Software and firmware changes will not stop any attacks based on the vulnerabilities that created Spectre and Meltdown. They fundamentally cannot be averted by software or firmware. Nevertheless, we keep hearing that firewalls and gateways based on those vulnerable architectures are safe. I doubt that. There is nothing that would stop any attacker from developing a Spectre or Meltdown dropper that attacks the firewall or gateway, which then opens up all ports.

In essence, Spectre and Meltdown will make any firewall or gateway based on an x86-64 or ARM processor subject to attack and successful exploit. With the firewalls and gateways not protecting the LAN, literally everything is up for grabs. Let’s see when we first see those malware droppers being successfully deployed onto firewalls and gateways.