How Meltdown chip flaw was discovered by 22-year-old
The 22-year-old who uncovered one of the world's biggest security flaws has been described as having an "outstanding mind", stumbling on the Meltdown and Spectre issues while reading lengthy Intel manuals.
As a Google cybersecurity researcher, Jann Horn was first to report the biggest chip vulnerabilities ever discovered. The industry is still reeling from his findings, and processors will be designed differently from now on. That's made him a reluctant celebrity, evidenced by the rousing reception and eager questions he received at a conference in Zurich last week.
Interviews with Horn and people who know him show how a combination of dogged determination and a powerful mind helped him stumble upon features and flaws that have been around for over a decade but had gone undetected, leaving most personal computers, internet servers and smartphones exposed to potential hacking.
Horn wasn't looking to discover a major vulnerability in the world's computer chips when, in late April, he began reading Intel processor manuals that are thousands of pages long. He said he simply wanted to make sure the computer hardware could handle a particularly intensive bit of number-crunching code he'd created.
But Zurich-based Horn works at Project Zero, an elite unit of Google, made up of cybersleuths who hunt for 'zero day' vulnerabilities, unintended design flaws that can be exploited by hackers to break into computer systems.
Cybersecurity specialist Bryant Zadegan and Ryan Lester, head of secure messaging startup Cyph, submitted a patent application alongside Horn in 2016. Zadegan had asked Horn, through Berlin computer security firm Cure53, to audit Cyph's service to check for hacking vulnerabilities. His findings ended up as part of the patent and proved so significant that Zadegan felt Horn more than merited credit as one of the inventors. The tool they built would ensure that, even if Cyph's main servers were hacked, individual user data were not exposed.
"Jann's skill set is that he would find an interesting response, some interesting pattern in how the computer works, and he's just like 'There's something weird going on' and he will dig," Zadegan said. "That's the magic of his brain. If something just seems a little bit amiss, he will dig further and find how something works. It's like finding the glitch in the Matrix."
Before long, Cure53's penetration testers were talking about what they called "the Jann effect" - the young hacker consistently came up with extremely creative attacks. Meltdown and Spectre are just two examples of Horn's brilliance, according to Heiderich. "He's not a one-hit wonder. This is what he does."
Horn is now a star, at least in cybersecurity circles. He received resounding applause from fellow researchers when he presented his Spectre and Meltdown findings to a packed auditorium at a conference in Zurich on January 11, a week after the attacks became public.
With bowl-cut brown hair and a thin build, Horn walked his fellow researchers through the theoretical attacks in English with a German accent. He gave little away that wasn't already known. Horn told the crowd that after informing Intel, he had no contact with the company for months until the chipmaker called him in early December to say other security researchers had also reported the same vulnerabilities. Aaron Stein, a Google spokesman, gave a different account, however: "Jann and Project Zero were in touch with Intel regularly after Jann reported the issue."
When a fellow researcher asked him about another possible aspect of processor design that might be vulnerable to attack, Horn said: "I've been wondering about it but I have not looked into it."