524,325 active members*
2,884 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

What Meltdown and Spectre Mean for Wibu-Systems' Users

January 2018
10
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
What Meltdown and Spectre Mean for Wibu-Systems' Users

The recent news about security vulnerabilities in common microprocessors and, by implication, popular operating systems and applications have left many users rightly concerned about their IT security.

What we can say at this point in time is that there are three new vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), which have become known under the monikers “Meltdown” and “Spectre”.

The possible attacks exploit common performance boosting technology, such as the speculative execution of instructions, combined with side channel attacks to access data in volatile memory. As far as we can tell, this can be done in user mode, making it possible for external attackers to combine this with other common strategies (e.g. phishing). The exact details and proofs of concept were released simultaneously by Google’s Project Zero.

The vulnerabilities have, so far, only be demonstrated under “sanitized” laboratory conditions, and no real-life attacks are known. Despite this, the potential implications seem disastrous: Memory could be accessed at will by processes without the privileges to do so. This could be particularly catastrophic in cases where multiple users share the same hardware (multi-tenancy).

The affected makers of microprocessors and software developers are aware of the issue and have begun to release first patches. There are suggestions that certain trends in chip design will have to be reconsidered in the medium term.

It is not yet known whether code can be manipulated by exploiting these vulnerabilities. We will continue to monitor and proactively evaluate the patches provided in response by the industry (using CVE databases). Where required, we will notify our clients about updates they should install.

To our current knowledge, the functions and capabilities of Wibu-Systems’ CodeMeter products are not affected by the threat and will continue to offer optimum protection for applications against manipulation and illicit use.

As the keys used for software protection never needs to leave the CmDongle, our CodeMeter products will not be affected by Meltdown and Spectre, even if a would-be attacker should manage to access the entire application memory. Our IxProtector technology also supports highly granular encryption, making data available in unencrypted form only when and where it is genuinely needed. This will reduce the potential effects of an attack using Meltdown or Spectre to a minimum. Combined with our Blurry Box technology, this gives us good reason to consider Wibu-Systems the unbeaten leader in the field of software protection and licensing.

0 comments

Blog Archiv

July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016