Skip to main content
Jan 24, 2018

Meltdown, Spectre prove there are no trusted environments for high-value applications

If there’s a lesson from the newly discovered Meltdown and Spectre exploits, it’s that pretty much every company that publishes high-value mobile, desktop or server apps should be doing more to improve its security posture. The two widespread flaws pose an immediate threat to effectively all x86, AMD and ARM processors for Desktop, Android and iOS users. In other words, nearly every cell phone, desktop PC, and server on the market today is vulnerable.

Because Meltdown and Spectre are flaws at the architectural level, anything stored in an application’s protected memory -- encryption keys, user credentials -- can now be exposed. This means anti-virus, anti-malware, perimeter and firewall security won’t be effective; and OS patches have proven challenging to implement thus far.

Systems vulnerable to these exploits should effectively be considered jailbroken or rooted. The bottom line for publishers of high-value apps such as mobile banking, connected medical, connected vehicles or games: your apps are vulnerable to compromise and running in an untrusted environment.

The appropriate response when dealing with zero trust environments? Deploy apps with security designed in them from the start. Secure applications need to be tamper-proof, so bad actors can’t gain access to code to insert malware to exploit these new vulnerabilities. Applications also need integral encryption to prevent other applications from using these new vulnerabilities to access sensitive data.

Arxan’s Application Protection was designed to specifically counter threats to applications when running in zero trust environments. To counter these threats, Arxan code protection includes a layered guard network that protects against static and run-time binary tampering, while Arxan data protection utilizes encryption to protect critical data at rest and in memory.

These new hardware-based vulnerabilities highlight that today’s high-value apps are always running in zero trust environments. Businesses that depend on providing secure applications to their customer base need to expand their security posture to include securing critical assets like code, keys and private data. A reliable protection solution that includes best-in-class, binary code protection and white-box encryption solutions is a must to mitigate today’s security risks.

Arxan Spectre & Meltdown thought leadership in the news:

Arxan

Arxan Author

More from the Blog
May 07, 2018

It's Time To Get Serious About Application Security

Apr 02, 2018

How to Detect App Threats to Protect Your Business

Apr 02, 2018

Protecting Apps Is Not Enough: Why You Need Threat Analytics

Every app downloaded via an app store is running in a
Read more