After several email scams and exposed weak spots last year, you’d think we’d get a break this 2018. Instead, we greet the New Year with another set of vulnerabilities in the computer industry.
Dubbed as Spectre and Meltdown, these vulnerabilities can leak passwords and other sensitive data that is currently being processed on almost all types of systems including desktops, laptops, mobile devices, and cloud platforms.
What is Meltdown?
Operating systems share memory between user programs and the kernel, the core of computers. Meltdown is a vulnerability which allows programs to read the kernel memory, including its protected areas. Because of this, unauthorized programs can gain access to the contents of your other programs and operating systems.
Cited as one of the worst CPU bugs ever found, Meltdown affects most processors manufactured by Intel since 1995. Of the two hacks, Meltdown is easier to exploit and allows any user program to extract protected data. The good news is, it is also easier to protect against. In fact, Intel and tech giants Google, Microsoft, and Apple has already released patches for this bug. So while Meltdown is the more urgent issue, it is not the problem in the long run.
What about Spectre?
Now here lies the problem. Spectre is a harder exploit for hackers to carry out, however it is also harder to fix. While there are ways to protect yourself from the bug, there are currently no patches released to fix this flaw at the moment. Worse, it affects all processors including Intel, Advanced Micro Devices or AMD, Apple, and ARM Holdings.
Spectre is similar to Meltdown in essence, except that Spectre exploits the division between different applications instead of the kernel memory. A hacker can use this vulnerability as a way to trick your secured apps to give access to their memory. This is applicable to all of the programs that you’re currently running.
Should you be concerned?
The short answer? Yes. Everyone should be concerned at the moment. These vulnerabilities affect almost every system available. If you own a PC, a smartphone, or a cloud server, then chances are you are vulnerable to an attack.
A hacker could use Meltdown and Spectre to access your passwords, photos, and any other private information. It can also be used with other security flaws to create bigger information leakage. The problem is, you won’t even know if someone has already used Meltdown or Spectre on your device as these bugs are virtually untraceable and does not leave any traces in the log files.
Is there a fix?
Companies have started releasing patches for the vulnerabilities and are continuously searching for other ways to fix the problem.
Last Wednesday, January 3, 2018, Microsoft released a patch that can fix the Meltdown vulnerability. The update will be downloaded and installed automatically from Windows Update and applies to all devices running on Windows 10.
Google has already updated its system against possible attacks that may be executed through the Meltdown and Spectre. Android devices, G Suite, and Gmail platforms were quickly protected, while users of Google Cloud Platform should patch and update their accounts to secure their data.
Meanwhile, Intel – the company most affected by this issue – has already released patches and assures that it will be able to patch 90% of the affected chips produced within the last 5 years by the end of next week. The company is also working with AMD and ARM to create a solution.
A tool called KAISER or Kernel Address Isolation to have Side-channels Effectively Removed has also been developed in order to address the vulnerability. KAISER works by implementing a series of process that can completely hide the kernel’s address space thus making it inaccessible to attacks. KAISER’s only downside is it can affect the performance of your device.
How can you protect your data?
This may be the first exposed vulnerability for 2018 but it certainly won’t be the last. In order to not be blindsided by such events, it would be best if you know how to protect your data at all times. How can you do that?
- Always perform patches. I cannot stress enough how important it is to update your software and systems. Patches help improve your program and data. There is no downside to performing it. Religiously check for system updates, or better yet, configure your devices to automatically apply patches.
- Update your security. Subscribe to better anti-virus systems. Update your browser. Be smart about opening malicious content. Keep your personal details secure at all times.
- Get professional help. If you are unsure of what you are supposed to do, or think that your data might be at risk, then it would be best to contact a team of professionals who can help you fix the issue.
Security is not something you should take lightly. Be informed about the latest news in the field by subscribing to the Wyntec blog. If you need any help or assistance regarding the Meltdown and Spectre vulnerabilities and how to protect your system, feel free to contact us at [email protected]