How Meltdown chip flaw was discovered by 22-year-old

-

The 22-year-old who uncovered one of the world's biggest security flaws has been described as having an "outstanding mind", stumbling on the Meltdown and Spectre issues while reading lengthy Intel manuals.

As a Google cybersecurity researcher, Jann Horn was first to report the biggest chip vulnerabilities ever discovered. The industry is still reeling from his findings, and processors will be designed differently from now on. That's made him a reluctant celebrity, evidenced by the rousing reception and eager questions he received at a conference in Zurich last week.

Interviews with Horn and people who know him show how a combination of dogged determination and a powerful mind helped him stumble upon features and flaws that have been around for over a decade but had gone undetected, leaving most personal computers, internet servers and smartphones exposed to potential hacking.

Horn wasn't looking to discover a major vulnerability in the world's computer chips when, in late April, he began reading Intel processor manuals that are thousands of pages long. He said he simply wanted to make sure the computer hardware could handle a particularly intensive bit of number-crunching code he'd created.

But Zurich-based Horn works at Project Zero, an elite unit of Google, made up of cybersleuths who hunt for 'zero day' vulnerabilities, unintended design flaws that can be exploited by hackers to break into computer systems.

Cybersecurity specialist Bryant Zadegan and Ryan Lester, head of secure messaging startup Cyph, submitted a patent application alongside Horn in 2016. Zadegan had asked Horn, through Berlin computer security firm Cure53, to audit Cyph's service to check for hacking vulnerabilities. His findings ended up as part of the patent and proved so significant that Zadegan felt Horn more than merited credit as one of the inventors. The tool they built would ensure that, even if Cyph's main servers were hacked, individual user data were not exposed.

"Jann's skill set is that he would find an interesting response, some interesting pattern in how the computer works, and he's just like 'There's something weird going on' and he will dig," Zadegan said. "That's the magic of his brain. If something just seems a little bit amiss, he will dig further and find how something works. It's like finding the glitch in the Matrix."

Before long, Cure53's penetration testers were talking about what they called "the Jann effect" - the young hacker consistently came up with extremely creative attacks. Meltdown and Spectre are just two examples of Horn's brilliance, according to Heiderich. "He's not a one-hit wonder. This is what he does."

Horn is now a star, at least in cybersecurity circles. He received resounding applause from fellow researchers when he presented his Spectre and Meltdown findings to a packed auditorium at a conference in Zurich on January 11, a week after the attacks became public.

With bowl-cut brown hair and a thin build, Horn walked his fellow researchers through the theoretical attacks in English with a German accent. He gave little away that wasn't already known. Horn told the crowd that after informing Intel, he had no contact with the company for months until the chipmaker called him in early December to say other security researchers had also reported the same vulnerabilities. Aaron Stein, a Google spokesman, has a different account though: "Jann and Project Zero were in touch with Intel regularly after Jann reported the issue."

Comments

Post a Comment

Popular posts from this blog

Aquashield Oil and Marine Services protects Nigeria’s waters against criminal activity

-
Image
Offshore industries in Nigeria are afflicted by the ever-present risk of piracy, sea robbery, militancy and kidnapping. With the threat level showing little sign of abating, security companies are gearing up to provide crucial protection services. The ongoing crisis scenario that plagues Nigeria’s territorial waters has prompted a dramatic transformation of the offshore security industry in the region. The industry was previously focused on unregulated fishing and other low-level issues, but has now evolved to tackle combative security threats such as illegal bunkering, the vandalism of oil and gas installations, piracy, sea robbery, militancy and kidnapping. Behind this shift is a destructive bout of youth restlessness in the Niger Delta region. The predicament has dealt a serious blow to the oil and gas industry, leading to reduced revenues for international companies that operate in the region. Similarly, its effects have also been damaging to the insurance companies that cov...
Read more

Kenya Airways gets US Govt. nod for direct flights

-
United States President Donald Trump has approved Kenya Airways application for direct flights from Nairobi to the US. According to an order released yesterday by the US Department of Transportation, neither Trump, nor his representative, rejected the application by the national carrier for the direct flights. Interested parties had been given 21 days to file objections to the order. On the other hand, Trump had 60 days to disapprove the application but did not, hence the application became valid on September 5, 2017. Kenya Airways is now allowed to transport persons, property, and mail from any point or points behind Kenya, via any point or points in Kenya and any intermediate points, to any point or points in the United States and beyond, the order read in part. “We make final our findings and conclusions as stated in the order and award to Kenya Airways PLC the foreign air carrier permit with associated conditions attached to the order,” US director of international a...
Read more

Self-service car sharing comes to Morocco

-
Image
It’s the perfect match for modern day living: self-service cars, by the hour or day, accessible 24/7 and with parking, fuel and insurance costs included. This, a first for Morocco, is on offer in Casablanca from the startup Carmine. Now that self-service bikes have rolled into the country, cars are following suit and offer a much-wanted service in the economic capital, burdened with increasing, chaotic traffic. The firm was created in 2014, and tested the waters with a pilot project in July 2015. According to CEO and founder Mohamed Mrani Alaoui, this was, “A period during which we really reached maturity.” There was a lot to do: running trials on rates, defining parking spaces through a partnership with the city, personalising technology and getting to know client needs. “People thought the concept wouldn’t work in Morocco, to judge by the time it took us to go into commercial operation,” says Alaoui. “But that pilot period was about making the new service more...
Read more