USA Today, January 5, 2018, comments by Atiq Raza;
Any owner of Mac or Android phones and computers: Install your updates and patches
A security flaw has been discovered in Intel, AMD and ARM chips and every major software company is pushing out security updates, including Apple, Microsoft, Amazon, and Google. Just about every modern device with a CPU – phones (iPhone and Android), tablets, Macs, PCs -- is vulnerable.
Two vulnerabilities are identified, dubbed the Bondish names Meltdown and Spectre. They were discovered a few months back and the security patches were in the works in preparation for a public announcement planned for January 9. But word was getting out so we all know now a few days early.
What are the chip vulnerabilities?
The chip issue goes back nearly 20 years, long before devious hackers were trying to take advantage of every loop hole to steal information. In the early 90s, engineers implemented a feature called ‘speculative execution’ which speeds computer processing by enabling the computer to “guess” or anticipate what information a user might look for next based on what they are already viewing. So if a user starts reviewing stocks, the speculative execution function might pull that user’s portfolio passwords up into protected CPU memory. Same for a user’s banking information….and so on, putting sensitive information that’s made more accessible based on this feature at higher risk.
The vulnerability called Meltdown allows full access to the protected memory space described above. It appears to only affect Intel chips manufactured since 1995.
The Spectre vulnerability uses malicious code to trick access to random portions of the protected memory. It is believed to affect processors made by Intel, Advanced Micro Devices and ARM.
Both of these issues give hackers new means to try and gain access to our computers, phones and information.
How much could the hackers see?
“The exploit could allow an attacker to open a window that let's them look at what’s being rolled into and out of that protected memory space,” says Atiq Raza, chairman and CEO of Virsec Systems, Inc and the former president of AMD. “Depending how long the hackers can keep the window open, they could see a very significant amount of data scroll by. Even if it's just for a few seconds, a humongous amount of information could go through.”
What should you do about these chip vulnerabilities?
The good news is as of today, there aren’t any reports of a successful Meltdown or Spectre hack and security patches are being put in place. But given an attack could be possible, it’s wise to be diligent and take action to protect your devices.
Check your software versions, allow authorized updates from your providers as they come out, and read this article for more information.