It's interesting how we've really entered the era of side channel attacks and vulnerabilities. We're seeing this with the meltdown bugs (speculative execution is a kind of side channel) and now we are seeing stuff where even if your code is well written you have to take into account if the hardware executes in a certain way to leak EM emissions.
I imagine we are going to see more and more of these types of attacks.
Yep, several times this year I had to do double-takes to see if directional microphones are now considered script-kiddie level toys. Nope, it's "just" SDR.
For meltdown, speculative execution alone only allows an attacker to load stuff in to the processor's cache, actually reading if from cache requires a textbook side channel timing attack.
Meltdown is ultimately a timing attack, so it definitely qualifies.
I take this as an indication that the underlying cryptographic primitives have become really good, so it’s no longer (usually) practical to attack that layer.
Were the underlying cryptographic primitives ever bad (in a practical attack sense)? Even DES with it's 56 bit key was not cracked in a real targeted attack.
DES can be brute forced. RSA can as well, with key sizes that were once considered reasonable. MD5 and SHA-1 both have serious vulnerabilities.
Edit: it also used to be really common for people to use crappy, often homegrown primitives. How many systems were broken because the “encryption” was a simple xor with a fixed key or something? Now it’s very likely that the information you want to access is protected with something like TLS.
I imagine we are going to see more and more of these types of attacks.