Meltdown & Spectre discoveries credited to 22-year-old German genius
The identification of the "Meltdown" and "Spectre" vulnerabilities in Intel- and ARM-based processors — including chips used in Apple's Macs, iPhones, and iPads — can be credited almost entirely to a Google security researcher in his early 20s, Jann Horn.
Originally from Germany, Horn now works in Zurich, Switzerland with Project Zero, Google's zero-day team, Bloomberg noted on Wednesday. He's said to have discovered the issues while working alone, beginning in April, when he was reading Intel processor manuals to make sure chips could handle code he'd written.
It's in reading about speculative execution that Horn realized that sensitive data was being kept in memory and could potentially be accessed by clever hacking. After talking to a fellow Google researcher, he arrived at the idea of tricking a processor into unusual speculative executions that could be used to fetch specific data.
Horn eventually told Intel, ARM, and AMD about the situation on June 1. By the time Meltdown and Spectre were announced to the public this January, Horn was given lead credit.
Accounts differ on the amount of contact between Horn and Intel. At a conference in Zurich on Jan. 11, Horn said that after his initial data sharing, there was no discussion until Intel called him in early December to confirm other researchers had found the same issues. A Google spokesman, Aaron Stein, insists however that there was much more chatter.
"Jann and Project Zero were in touch with Intel regularly after Jann reported the issue," Stein told Bloomberg.