In the last few months of 2017, security companies made their own forecasts about incoming cyberthreats and the measures that needed to be taken to ensure a better and cybersafer 2018, often advocating the use of protective software tools made by that vendor. Lo and behold! 2018 started with a scenario hardly anyone could have foreseen. Two serious design vulnerabilities in CPUs were exposed that make it possible, although not always that easy, to steal sensitive, private information such as passwords, photos, perhaps even cryptography certificates.
Lots has been written about these vulnerabilities already: if you are new to the subject we suggest that you read Aryeh Goretsky’s article “Meltdown and Spectre CPU Vulnerabilities: What You Need to Know.”
Now, there is a much larger underlying issue. Yes, software bugs happen, hardware bugs happen. The first are usually fixed by patching the software; in most cases the latter are fixed by updating the firmware. However, that is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware.