The Shared Security Podcast Episode 72 – Mobile Phone Emergency SOS, Overview of Meltdown and Spectre

Play episode

This is the 72nd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded January 22, 2018. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

The Shared Security Amazing Thing of the Month
(we’re not sure what to name this new segment so we’re rolling with this for now…)
Tom and Scott discuss the emergency SOS feature on your mobile device. There was a recent story in the news about a college student who was able to text message and send her location when she was being kidnapped. Even though the college student was able to find a way to text and send out her location, there are some easier and more discreet ways that you can make an emergency phone call as well as alert authorities to your location. Here are the instructions we mentioned on the show if you have an Apple iOS 11 device or on your Apple Watch. Android is not left out of the emergency notification party either! Here are details if you have an Android phone to enable or install this feature with an app.

Overview of the Meltdown and Spectre Critical Vulnerabilities
CPU hardware implementations (manufactured in the last 20 years) are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Modern processors perform speculative execution. To maximize performance, processors try to execute instructions even before it is certain that those instructions need to be executed.

The best description of these vulnerabilities is from the original website announcing these issues:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Spectre in particular is quite interesting from an attackers perspective. For example, malicious JavaScript code on a website could use Spectre to trick a web browser into revealing user and password information. Software patches are starting to come out for both of these vulnerabilities but there are reports of additional problems that the patches are causing, including impacting system performance in some cases.

Announcing the Shared Security Weekly Blaze Podcast
We’re starting a new weekly podcast which will bring you the hot security and privacy news of the week. The first episode has been released and you can still listen to the new podcast just like you do now. The idea is to give you fast and consumable security and privacy “news that you can use” in 15 minutes or less. These weekly podcasts are in addition to our traditional monthly podcast which will continue to cover security and privacy topics in more detail. We hope you enjoy the new format!

Please send any show feedback, suggestions for future guests and topics to feedback [aT] or comment in our social media feeds. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter, Instagram and like us on Facebook. Thanks for listening!

More from this show

Leave us a Review

Signup for our Newsletter

Follow Us