January 4, 2018
Spectre and Meltdown Security Vulnerabilities: What to Do About Them
Spectre and Meltdown. They may sound like secret weapons right out of a James Bond film, but these latest security breaches aren’t being concocted by evil film villains in mysterious back rooms somewhere in Europe. Instead of being straight out of a movie plot, these new security breaches are in fact very real and have put every single computer at risk.
What Are They?
To put it simply, Spectre is a security flaw found in Intel, AMD, and Arm chips, which power millions of devices, from personal computers and smartphones to huge data centers. But that’s not all these chips power. As TechCrunch warns, these chips are found in everything from thermostats to baby monitors. Your televisions, radios, voice-control devices, and more are vulnerable.
When computers and other devices process and transfer data, that data is passed through what is known as the “kernel.” Protections keep this unencrypted data from being accessed. However, Spectre has found a way to circumvent these protections and basically trick your devices into gaining access to your personal info, from passwords to banking numbers and everything in between.
Meltdown, so far, has been found to affect mostly Intel chips. However, devices with Intel more than twenty years old—dating as far back to 1995—are at risk. Meltdown basically is able to break down the barriers that protect your private data in the computer’s “kernel.”
So, What’s Being Done?
Intel, Apple, Google, Microsoft, Amazon, and other companies are releasing patches. However, their devices are going to require more than a new update.
What makes Spectre and Meltdown different from any other breach we’ve seen—and we’ve seen a lot of them, even in just the last year—is that this breach affects the actual architecture of your devices. The flaw’s not found in one program or one operating system. The flaw is found in the way your computer is built. It’s in the circuit board, the processors, and the security barriers around your computer’s memory. And fixing this can have some consequences, such as a reduction in the speed of your computers by as much as 30%.
While patches are being released, software developers and other leaders in the industry will be taking a careful and thorough look at the way devices have and are currently being built. And in many cases, this may require them questioning what they’ve always known. As the industry continues to develop more advanced and complex technology, a more serious look at security needs to be taken. Safety cannot be sacrificed for convenience.
What Can I Do?
It’s important to know that no exploits have currently been detected, meaning that no hackers have gained access to anyone’s devices. However, with the news of these two new breaches spreading, it’s only a matter of time before hackers make a move.
The only thing you can do right now is to implement the patches companies have been releasing. Update your devices.
- Microsoft: Updates have already been released. The latest security updates were released on January 3. If you use any of Microsoft’s cloud services, a patch is currently being developed.
Apple: Patches have already been released.
Google: Google has updated customers’ cloud services, but users of Computer Engine should also keep alert and make any necessary updates. Android devices are protected, but Chromebook users should run the latest updates.
Amazon: The company is currently patching their data servers, so customers may experience outages.
While you’re making these updates, expect your machine to run slower than it normally would, or expect some software programs to not work correctly. With a breach this unprecedented, there are bound to be some hiccups.
As always, if you’re worried about how these breaches may affect your business’s devices and security, reach out to our small business IT support team. They’ll help you develop a plan to keep your technology, your customers, and your business safe.