WISeKey’s Semiconductor products with embedded security are immune to hardware bugs such as Meltdown and Spectre
ZUG, Switzerland – January 8, 2018 –WISeKey International Holding Ltd (“WISeKey“, SIX: WIHN), a leading cybersecurity and IoT company, today announced that its products and software solutions are immune to hardware bugs such as Meltdown and Spectre. As per the recent news, practically every computer device, server, laptop, tablet and smartphone in the market was affected by two major flaws in the design of the device’s Central Processing Unit (CPU), allowing hackers to steal data.
“Not only are WISeKey’s products immune to attacks by Meltdown and Spectre and similar hardware bugs,” explains Carlos Moreira, Chief Executive Officer and founder of WISeKey, “but our security solutions are designed precisely to make these kinds of attacks ineffective. We believe that the phenomenon of the two side-channel attacks wouldn’t exist if our embedded security solutions were implemented from the start in the CPU system of these devices.”
Following the Meltdown and Spectre attacks, to minimize the effect of these incursions, operating system developers are offering emergency patches for download. As per the United States Computer Emergency Readiness Team (US-CERT), due to the fact that the vulnerability exists in the CPU architecture rather than in the software, emergency patches offered by operating system developers may not fully address these vulnerabilities. Moreover, CPU performance may be diminished by up to 30 percent after a patch is installed. (https://www.us-cert.gov/ncas/alerts/TA18-004A).
The Meltdown and Spectre side-channel attacks are geared towards a specific microprocessor architecture that can be found on almost all personal computer devices, servers, laptops, tablets and smartphones. In search of cost and speed optimization, since the 1980s, microprocessor designers took the approach of implementing security through the use of “layers of privilege” within the architecture of a computer system. This approach is designed to provide access to the data relative to the privilege of each user. Thus, an operating system kernel has very high privileges and access to secret data such as passwords and private keys, while user applications have lower privileges and no access to such sensitive information.
The two side-channel attacks consist of running malicious code which will, by making use of the three technologies (Branch Prediction, Speculative Execution and Memory Caching) implemented by these processors, interrogate the memory channel of another processor belonging to another user with different layer of privilege, thus granting unauthorized access to very sensitive information, including passwords and private keys stored deep inside the operating system. Once this information is in the hands of a third party, or even supposed to be disclosed to a third party, the entire system of trust built on it, will collapse.
As Bernard Vian, Managing Director of WISeKey explains, “The secure chips designed by WISeKey, are based on a different architecture and approach. First of all, they are dedicated to providing secure storage and usage of sensitive assets. There is only one application running on these chips, dedicated to secure storage, cryptographic calculations and digital signatures, using the secret key material stored deep down within the protected memory of the chips. The chips are designed with unique capabilities not to allow other software to run on them. Next to this functional approach of a dedicated container for a dedicated use, the chips are equipped with various hardware sensors and protection mechanisms making them resistant to hardware attacks. Would these kind of chips have been used for sensitive data storage on the now affected devices, the attacks would have never been possible.
“Now we are talking about an attack that is affecting several million devices. Imagine the Internet of Things (IoT) where we have tens of billions of devices. Do we want to wake up one morning to find our world crumbled down because of a massive breach in all these devices? Meldown and Spectre attacks demonstrate that these devices are vulnerable and if not protected, it is just a matter of time for these devices to become useless objects.”
For more than twenty years, WISeKey has been providing a range of Common Criteria certified tamper resistant microprocessors that can be implemented on IoT devices to store and use the secret assets, and to uniquely identify, authenticate and protect devices in the field. These assets can be managed through a Webtrustcertified Public Key Infrastructure on premises or as an operated service.
“Regardless, these kind of attacks, have provided all of us with valuable insights and have strengthen our approach towards security, which is the only effective way to protect IoT assets and value in a durable manner,” concluded Carlos Moreira.
WISeKey (SIX Swiss Exchange: WIHN) is a leading global cybersecurity company currently deploying via a Virtual Platform large scale digital identity ecosystems. WISeKey’s Swiss based cryptographic Root of Trust (“RoT”) and IoT Microchips provide secure authentication and identification, in both physical and virtual environments, for the Internet of Things, Blockchain and Artificial Intelligence. The WISeKey RoT serves as a common trust anchor to ensure the integrity of online transactions among objects and between objects and people. For more information, visit www.wisekey.com.
Press and investor contacts:
| WISeKey International Holding Ltd
Company Contact: Carlos Moreira
Chairman & CEO
Tel: +41 22 594 3000
| WISeKey Investor Relations (US)
Contact: Lena Cati
The Equity Group Inc.
Tel: +1 212 836-9611
This communication expressly or implicitly contains certain forward-looking statements concerning WISeKey International Holding Ltd and its business. Such statements involve certain known and unknown risks, uncertainties and other factors, which could cause the actual results, financial condition, performance or achievements of WISeKey International Holding Ltd to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. WISeKey International Holding Ltd is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.
This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and it does not constitute an offering prospectus within the meaning of article 652a or article 1156 of the Swiss Code of Obligations or a listing prospectus within the meaning of the listing rules of the SIX Swiss Exchange. Investors must rely on their own evaluation of WISeKey and its securities, including the merits and risks involved. Nothing contained herein is, or shall be relied on as, a promise or representation as to the future performance of WISeKey.