I hope your 2018 is off to a great start! Every new year always brings a feeling of optimism and new beginnings for all of us for a year full of promise. This year always promises to be better than last year, no matter how good last year was. Unfortunately, this year also has the potential to be a great one for the hackers of the world as “one of the worst CPU bugs ever found” has recently been discovered. Nearly all of the computers and smartphones in the world have become vulnerable overnight. Today we’ll start 2018 with a bang by giving you all the details of Meltdown and Spectre, and what you can do to protect yourself.
To understand what has happened, we first need to understand the basics. The security flaws that have been uncovered affect the CPU or central processing unit of a computer or smartphone. Simply put, the CPU is the brain of the device. Like your own brain, there is a section of the CPU whose primary job is to handle memory. In technology, RAM (random access memory) are the memory chips used in a device. The CPU communicates to and from the RAM chips to accomplish the tasks at hand (this is a simple overview, save your snarky comments and letters). Apparently, there are two flaws that have existed for more than twenty years which could allow evildoers to steal data from running programs or apps such as mail programs, browsers, and password managers. Now that they’ve come to light, expect hackers to focus on these vulnerabilities. As of this writing, there haven’t been any successful attacks.
There are two flaws: one is called Meltdown, and the other, Spectre. Meltdown is specific to Intel CPUs. Intel is the largest manufacturer on the market, with the company’s CPUs found nearly everywhere. Meltdown allows hackers to access running programs through the computer’s memory. Spectre affects CPUs made by Intel, AMD, and ARM. So, basically, every CPU on the market. Spectre tricks programs and apps into handing over secret or secure information.
So, what can you do to protect yourself and your device(s)? Well, not too much. Giants like Apple, Microsoft, Google, and Amazon are aware of Meltdown and Spectre and are in the process of releasing patches to plug these holes. If you have a Windows computer, make sure to run any and all Windows Updates as Microsoft has released an automatic Update to address the issue. Don’t leave it to chance though – run your Updates regularly. Google has a patch for Chrome that is currently in development and will be released on January 23rd. Mozilla Firefox will include a fix in its newest version. Within a week, Intel expects to issues patches for 90% of its processors. Apple is currently working on updates for their current operating systems. No timetable for a release has been given, however. As always, the best defense is to be aware and take advantages of updates as they become available.
One of the hopes in every new year is that all of the evil in the world will simply go away. While we all wish for that, it hasn’t happened yet, and 2018 probably won’t be the year. Fortunately, the “good guys” have discovered vulnerabilities in the world’s CPUs that the “bad guys” haven’t uncovered yet. Stay vigilant so we good guys might pick up a win!