So much FUD in this thread. I have written up a blog post explaining
Meltdown and Spectre for the average person (who has some familiarity with computer terminology).
The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure.
Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.You got any more info on this? What CPUs are hardware wallets using?
Spectre is pretty wide reaching, even some ARM chips are affected, so I am quite curious about architecture hardware wallets use, since there are not many CPU manufactures in the world.
doesnt make any difference what cpu the hardware wallet is using, its running signed trusted code from the manufacturer 100%. no way for the malware to get in.
trezor had a side channel attack (power draw analysis) a while back but thats been fixed for a long time.
Meltdown and Spectre vulnerabilities are due to hardware implementation, that is why they are such a big deal now.
It doesn't matter if you are running Windows, Ubuntu, Android or the OS of your router, the problem is not in the code it is the hardware that has the vulnerability.
The problem however is local privilege escalation, so I guess you have a point, since code would have to be executed on them. The problem is that code wasn't built with this in mind, so it is maybe allowing some low privilege access to something that wouldn't be a problem if it wasn't for these vulnerabilities.