WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

What Meltdown and Spectre Mean for Wibu-Systems' Users

MarketingWIBU-SYSTEMS AG on January 10, 2018 at 12:07 PM

The recent news about security vulnerabilities in common microprocessors and, by implication, popular operating systems and applications have left many users rightly concerned about their IT security.

What we can say at this point in time is that there are three new vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), which have become known under the monikers “Meltdown” and “Spectre”.

The possible attacks exploit common performance boosting technology, such as the speculative execution of instructions, combined with side channel attacks to access data in volatile memory. As far as we can tell, this can be done in user mode, making it possible for external attackers to combine this with other common strategies (e.g. phishing). The exact details and proofs of concept were released simultaneously by Google’s Project Zero.

The vulnerabilities have, so far, only be demonstrated under “sanitized” laboratory conditions, and no real-life attacks are known. Despite this, the potential implications seem disastrous: Memory could be accessed at will by processes without the privileges to do so. This could be particularly catastrophic in cases where multiple users share the same hardware (multi-tenancy).

The affected makers of microprocessors and software developers are aware of the issue and have begun to release first patches. There are suggestions that certain trends in chip design will have to be reconsidered in the medium term.

It is not yet known whether code can be manipulated by exploiting these vulnerabilities. We will continue to monitor and proactively evaluate the patches provided in response by the industry (using CVE databases). Where required, we will notify our clients about updates they should install.

To our current knowledge, the functions and capabilities of Wibu-Systems’ CodeMeter products are not affected by the threat and will continue to offer optimum protection for applications against manipulation and illicit use.

As the keys used for software protection never needs to leave the CmDongle, our CodeMeter products will not be affected by Meltdown and Spectre, even if a would-be attacker should manage to access the entire application memory. Our IxProtector technology also supports highly granular encryption, making data available in unencrypted form only when and where it is genuinely needed. This will reduce the potential effects of an attack using Meltdown or Spectre to a minimum. Combined with our Blurry Box technology, this gives us good reason to consider Wibu-Systems the unbeaten leader in the field of software protection and licensing.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.