Meltdown and Spectre — Not the End of the World, But Action Is Required


We’re only a week into 2018, and computer researchers have already identified not one, but two major cybersecurity vulnerabilities: Meltdown and Spectre. These vulnerabilities exist in computer processors and mean hackers could steal passwords and other sensitive user data stored on almost every device made in the last 20 years.

However, the key word in this sentence is “might”. So far, there is no evidence that cyber criminals have exploited these vulnerabilities, both of which may be difficult to exploit. Big software and hardware companies like Google, Microsoft, Intel and Apple took action to address the problem. Once patches, updates, and workarounds are available, it’s best to leave the actual deployment to the professional IT service providers who support your company’s technology.

Nonetheless, Meltdown and Specter represent an entirely new threat: one that exploits hardware-level information within your computer by isolating the connection between the operating system and the user application. So far, Meltdown affects many Intel processors manufactured over the years, while Specter is a more common bug affecting Intel, AMD, and ARM processors found in computers, servers, mobile devices, and tablets .

Processors act as the fundamental building blocks of devices that allow our computers, smartphones, and other systems to “think” by performing an overwhelming number of calculations every second. Today’s devices “think” “in parallel”, which means that they can perform different calculations for different applications at the same time. It is precisely this complexity that a hacker can compromise by using code running in a web browser to access a computer’s memory, keystrokes, passwords, emails, chat conversations, documents, and other sensitive information.

Once such mistakes are made public, you can bet that cyber criminals will do their best to exploit them. The good news is that most potential damage caused by Meltdown can be averted with software updates and security patches. Fixes for Specter could take longer for manufacturers to make changes to hardware components. But to reiterate, no reported breaches have occurred as a result of the newly identified vulnerability.

See more new articles in category: GUIDES
Leave a comment