You may have heard the scary news about two serious security vulnerabilities that researchers found in most of the world’s computer chips.
A group of researchers, including some from academia as well as major tech companies including Google, discovered two major security vulnerabilities in microprocessors (chips) inside many computers and mobile devices.
“Meltdown” uses a process called “out-of-order execution,” allowing hackers to get access to parts of a computer’s memory, according to Wired.
“Spectre” uses a process called “speculative execution,” which induces certain actions on the device that allow hackers to access data from programs the computer interacts with.
Apple acknowledged its devices were impacted. “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” a post on Apple’s support forum said. The company said recent updates to its operating systems would help mitigate the impact.
How the chip flaw was discovered.
Intel Corp. acknowledged the vulnerabilities, which could potentially affect all systems with its microprocessors that were designed in the past decade or more. If hackers were to use the vulnerability for “malicious purposes,” Intel said, they could steal sensitive personal data from computer devices.
“Someone has figured out a way to exploit the architecture that is built into all modern computer systems,” said Steve Smith, Intel’s engineering lead, who is investigating the issues.
The company pointed out that Intel is not the only chip maker that is impacted by the discovery and insisted it is not correct to call it a “flaw” or “bug” unique to their product. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits,” it said.
Any hacks yet?
Intel said there are no known examples of hackers actually using these vulnerabilities to access information on consumers’ devices, but it’s also possible that a foreign government could have been using it, said Al Pascual, a senior vice president and research director at the security firm Javelin.
What’s more, now that the vulnerabilities have been made public, hackers may become more emboldened and try to exploit them, said Adam Levin, a consumer advocate and chairman of security firm CyberScout. “They get very interested,” he said. But for these particular vulnerabilities, hacking would be done device-by-device. “That’s not such an easy deal,” he said.
Devices at risk
Any device that uses chips from Intel, AMD or ARM is at risk, experts said.
That includes many devices and services, such as the majority of Google’s Android phones and Windows PCs.
Apple’s computer products are affected because they have used Intel chips for about a decade, Pascual said. (Google said Android devices are “difficult” to exploit.)
Web browsers like Mozilla Firefox and Google Chrome are also at risk.
Mozilla said its internal experiments have confirmed that it’s possible to use techniques that are similar to "Meltdown" and "Spectre" on web content. The company needs to do more research, but it’s releasing a short-term fix that should help.
Intel and the companies that produce the products have said they will release “patches” to fix the vulnerabilities, while consumers should update their devices’ software in order to get those patches when they become available.
Microsoft has reportedly released an emergency fix for the issues already, while tech website CNET has released a list of instructions for each device.
Consumers should update to the latest versions of their devices’ software to get the patches as they become available, experts said.
Kind of information that could be hacked or exploited.
“Anyone can define what they think sensitive data is” on their own device. There is a wide variety of hackable information, including passwords, encryption keys and any sensitive financial information or data stored on the device itself, Levin said.
It may also be possible for the hackers to use the data they find to access servers, which would open up even more potential data to hack. “Meltdown” and “Spectre” attacks can even give hackers access to computer programs that run on their devices, such as games and email programs and financial spreadsheets, Pascual said.
For that reason, he added, it’s “impractical for consumers to fully immunize themselves.”
What you can do to safeguard yourself.
Security experts have suggested downloading the “patch” updates when they become available and changing passwords to accounts that contain sensitive personal information, but proceed with caution.
"Do not click on any links or attachments in emails that claim to be those updates," Pascual and Levin advised.
Hackers often try “phishing” schemes after major security flaws are revealed, and they send malicious messages to consumers who are trying to protect themselves. Anything sent in an email is not a legitimate update, Levin said.
Devices may update automatically if consumers have opted in to that option on their device’s settings. They can also download patches directly from their device manufacturer, such as HP or Dell. Consumers should continue to use good “hygiene” when surfing the Internet or downloading apps, Pascual said. That means not visiting websites or downloading applications or attachments from sources they don’t trust.
Will the devices that receive the “patch” run slower?
Intel has said that the “patches” could slow down devices, anywhere from 3% to 30%. The amount will depend on the type and age of the device, Levin said. There is virtually nothing consumers can do about that, Pascual said.
Consumers can choose to either download the patches or not download them, but they won’t be able to control for those speed changes. Certain applications may show more of a slowdown in performance, including those that use processors more intensely, like graphic design or gaming applications, Pascual added.