Jan 24, 2018

Meltdown, Spectre prove there are no trusted environments for high-value applications

If there’s a lesson from the newly discovered Meltdown and Spectre exploits, it’s that pretty much every company that publishes high-value mobile, desktop or server apps should be doing more to improve its security posture. The two widespread flaws pose an immediate threat to effectively all x86, AMD and ARM processors for desktop, Android and iOS users. In other words, nearly every cell phone, desktop PC, and server on the market today is vulnerable.

Because Meltdown and Spectre are flaws at the architectural level, anything stored in an application’s protected memory, such as encryption keys and user credentials, can now be exposed. This means anti-virus, anti-malware, perimeter and firewall security won’t be effective, and OS patches have proven challenging to implement thus far.

Systems vulnerable to these exploits should effectively be considered jailbroken or rooted. The bottom line for publishers of high-value apps such as mobile banking, connected medical, connected vehicles or games: your apps are vulnerable to compromise and running in an untrusted environment.

The appropriate response when dealing with zero-trust environments? Deploy apps with security designed into them from the start. Secure applications need to be tamper-proof, so bad actors can’t gain access to the code and insert malware that exploits these new vulnerabilities. Applications also need integral encryption to prevent other applications from using these new vulnerabilities to access sensitive data.

Arxan’s Application Protection was designed specifically to counter threats to applications running in zero-trust environments. To counter these threats, Arxan code protection includes a layered guard network that protects against static and run-time binary tampering, while Arxan data protection uses encryption to protect critical data at rest and in memory.

These new hardware-based vulnerabilities highlight that today’s high-value apps are always running in zero-trust environments. Businesses that depend on providing secure applications to their customer base need to expand their security posture to include securing critical assets like code, keys and private data. A reliable protection solution that includes best-in-class binary code protection and white-box encryption is a must to mitigate today’s security risks.

Arxan Spectre & Meltdown thought leadership in the news:

Arxan

Arxan Author
