Latest cyber flaws require vigilance
If you own or use a computer – which is just about everyone these days – you might be wondering if you are affected by two newly reported security flaws, known as Meltdown and Spectre. Yes, almost certainly you are.
You may also be wondering if you should be concerned and do something about it. Yes, you should, on both counts. The flaws mean that confidential information on your computer including passwords and credit card details might be stolen.
Should you panic? No, because the latest advice suggests there is no evidence that hackers and criminals have started exploiting the flaws. But they soon will do, now that the secret is out.
How will you know if you are affected? You won’t. One of the peculiarities of the Meltdown and Spectre flaws is that anyone exploiting them won’t leave any traces behind. Meltdown and Spectre involve security gaps in central processing units – the chips or microchips – in computers which could allow private data to be stolen. Meltdown affects laptops, desktops and internet servers using chips manufactured by the global company Intel. Spectre affects smartphones, tablets and computers using Intel, ARM and AMD chips.
Taken together, that means that almost every computer and device manufactured since 1995, along with associated networks, servers and cloud services, are compromised – billions of devices using Microsoft, Google Android and Apple operating systems.
Meltdown and Spectre sound like the evil-doers in a James Bond movie. In fact, a better comparison might be with an episode of the time-warping Dr Who TV show, because the vulnerabilities lie in a computer chip’s ability to run parallel realities within decisionmaking processes, until it decides which ones to do away with. Beyond that, any explanation quickly becomes too technical and complicated to deal with here.
Meltdown is so named because it effectively melts security boundaries in the CPU hardware. The word Spectre is based on the cause of the problem – a process known as speculative execution.
Also, Spectre is not going to be easy to fix, and is likely to haunt us for some time. But the main thing that users need to know is that the computer companies are now or soon will be issuing software updates or ‘‘patches’’, which will minimise (but possibly not eliminate) potential problems. It is important that people install these, but of course they often don’t.
Last year’s WannaCry ransomware attack, which has been blamed on North Korea, affected 300,000 computers in 150 countries which were running older versions of the Microsoft Windows operating system. Some of those computers could have been protected by a security update that had been available for months, but had not been installed.
But simply waiting for those updates may not be enough. Their installation may be compromised by other security applications running on the computer, such as anti-virus software. So, the best advice on how to respond to Meltdown and Spectre is to seek advice – and from an IT professional.
Companies and organisations should be doing that anyway, such is the growing threat from cybercrime and other attacks on systems. The rest of us also have two more reasons to be vigilant.
- Stuff