A scary time in the digital world
Be vigilant with your information as vulnerabilities could undermine the core of our computers’ security
Cybersecurity is arguably going to be the biggest trend — and threat — in 2018. I wrote that sentence before the shock news last week from Intel that all (yes all) its processors have two serious security defects that were discovered last year.
In fact, all processors contain vulnerabilities that could potentially make all computers insecure, as they affect chips made by Intel’s main PC rival AMD, and mobile-orientated processors by ARM and Qualcomm.
Called Meltdown and Spectre, like names for villains and villainous plots in a spoof spy movie, these flaws affect just about every computing device, including smartphones, laptops, desktop PCS and tablets and may affect all operating systems.
Meltdown — which one of the researchers who discovered it, Daniel Gruss, called “probably one of the worst CPU bugs ever found” — could allow hackers to access the processor’s kernel (the secure core that runs deep innards of the operating system).
The patches to fix this could slow the computer down by as much as 30%, it has been speculated.
But Intel says “any performance impacts are workload-dependent” and “should not be significant” for the average user.
Spectre is a harder-to-exploit vulnerability (which makes it harder to patch) but it could allow hackers to gain access to data.
It’s sobering to discover that the underpinnings of our digital world — the processors that power the computers that power the Internet — are susceptible to hacking.
At its core, the Internet has flaws. Cloud service providers have rushed to reassure their users — and investors — that they’ve patched the Meltdown problems and that the perceived slowdowns aren’t as bad as initially feared, unless you’re editing video or playing games. The difficulty of the Spectre vulnerability could mean it will be harder for hackers to exploit, security experts speculate.
Nobody knows if any hacking exploits have been attempted or achieved, but the existential threat remains — our computer processors are themselves vulnerable.
After last year’s record-setting data breaches — 145m personal records from Fairfax in the US, 57m from Uber (which paid a hacker US$100,000 to destroy the data and then covered it up for a year), and about 60m in the Masterdeeds leak here in SA — it is a stark demonstration of how important cybersecurity is. Add to this the Wannacry ransomware attacks that crippled the UK’S health service and affected other multinational companies, and the hacks of Ukraine’s power grid. It’s a dangerous digital world.
It is a timely reminder to practise safer security. Never e-mail personal details like ID and passport numbers or scans of them, and don’t keep such details on your computer. Don’t use the same password for many websites and use secure passwords. Patch your computers often. Run security software with automatic updates.
Nobody knows if any [processor] hacking exploits have been tried or achieved, but the threat remains