Just 4 days into the New Year and already a major IT Security issue has been reported in the major press.
Following months of investigation and collaboration between journalists, researchers and manufacturers, the news broke that two major bugs are affecting central processing units, or CPUs of perhaps billions of devices worldwide, specifically Intel processors, which is effectively every processor released since 1995.
The bugs are called Meltdown and Spectre, and can affect Desktops, Laptops, Cloud Servers, Cloud Computers and Smartphones.
What are these bugs?
In modern computer architecture, data passes through spaces in raw, unencrypted format. These spaces should be impregnable, such as the kernel or system memory. The protections in place should prevent any other processes or applications from being able to even observe the data, let alone interfere with it.
Meltdown and Spectre bypass these protections and expose the data in its raw format, including passwords, proprietary information and encrypted communications.
So what are the risks?
Cyber criminals intent on using these bugs could use a malicious program to access the data stored in the memory of other running programs. That data can include passwords saved in browsers or stored in a password manager, photos, emails, business documents and research. Once this data has been exposed, it could be used to hack into your accounts, become the subject of a ransomware attack or sold back to you or a competitor through blackmail.
Is there a fix?
The researchers who discovered Meltdown and Spectre tested Intel, ARM and AMD processors. So far Meltdown has been verified on Intel, with Spectre verified on Intel, AMD and ARM. Since reporting the bugs, software patches have been released to fight against and pre-empt Meltdown. Spectre is harder to mitigate, although software patches have been released to fight against known exploits of Spectre.
It is certain that more patches will be released as exploits are discovered. Unfortunately, they are likely to lead to a reduction in performance of the Intel chips, and will potentially affect other components in the device. Whilst this is preferential to the risk of exposing sensitive data, manufacturers will need to improve their processor designs to maintain the performance achieved by modern architecture whilst mitigating against these security threats.
The webpage from the researchers can be found here: https://meltdownattack.com/
The bottom line is...when security updates and software patches are released, work with your IT support provider to ensure that they are installed quickly, and any domino effects can be identified and resolved at the same time.
Date published: 04/01/2018