Jan 24, 2018

Meltdown, Spectre prove there are no trusted environments for high-value applications

If there’s a lesson from the newly discovered Meltdown and Spectre exploits, it’s that pretty much every company that publishes high-value mobile, desktop or server apps should be doing more to improve its security posture. The two widespread flaws pose an immediate threat to effectively all x86, AMD and ARM processors for desktop, Android and iOS users. In other words, nearly every cell phone, desktop PC, and server on the market today is vulnerable.

Because Meltdown and Spectre are flaws at the architectural level, anything stored in an application’s protected memory, such as encryption keys and user credentials, can now be exposed. This means anti-virus, anti-malware, perimeter and firewall security won’t be effective, and OS patches have proven challenging to implement thus far.

Systems vulnerable to these exploits should effectively be considered jailbroken or rooted. The bottom line for publishers of high-value apps such as mobile banking, connected medical, connected vehicles or games: your apps are vulnerable to compromise and running in an untrusted environment.

The appropriate response when dealing with zero trust environments? Deploy apps with security designed into them from the start. Secure applications need to be tamper-proof, so bad actors can’t gain access to code to insert malware to exploit these new vulnerabilities. Applications also need integral encryption to prevent other applications from using these new vulnerabilities to access sensitive data.

Arxan’s Application Protection was designed to specifically counter threats to applications when running in zero trust environments. To counter these threats, Arxan code protection includes a layered guard network that protects against static and run-time binary tampering, while Arxan data protection utilizes encryption to protect critical data at rest and in memory.

These new hardware-based vulnerabilities highlight that today’s high-value apps are always running in zero trust environments. Businesses that depend on providing secure applications to their customer base need to expand their security posture to include securing critical assets like code, keys and private data. A reliable protection solution that includes best-in-class binary code protection and white-box encryption solutions is a must to mitigate today’s security risks.

Arxan Spectre & Meltdown thought leadership in the news:

Arxan

Arxan Author
