Security experts have discovered two major security flaws in the microprocessors inside almost all the world’s computers. The two flaws, called Meltdown and Spectre, could enable hackers with malicious intentions to circumvent a computer’s own controls to reveal the entire contents of that computer’s memory. It is not just desktops and PC’s that are at risk here, but also mobile phones, IoT devices, and servers running in cloud computing networks.
Meltdown is the immediate problem because many large companies use cloud computing services like Google, Amazon and Microsoft. Theoretically, a hacker could get space on a cloud service and take advantage of the flaw to access personal information like passwords and photos from other unsuspecting users. Personal computers not attached to the cloud are less vulnerable here because hackers would have to install software on each computer first.
It was shortly after these vulnerabilities were revealed that a security patch was resealed to address the Meltdown flaw. While the patch does fix the issues, it is not perfect. It can slow down computers by as much as 30 percent according to the New York Times (however, it should be noted that these slowdowns are less likely in highly optimized applications). This won’t do for many users that used to computers operating at the speed of light. All three companies have encouraged their customers to update their own software in the meantime because a potential 30 percent slowdown is still better than a compromised machine.
Spectre has been found to expose core memory in most computers and mobile devices. It affects most processors in use today, although researchers believe this flaw is more difficult to exploit. Unlike Meltdown, there is no quick fix. Fixing the Spectre security vulnerability would require redesigning the processors, researchers have said. Because of this is will likely be an issue that will take decades to eliminate completely, it is up to the chip makers like Intel to address this problem, considering it is a design flaw that has been replicated by many processor manufacturers. A fix might not be available until new chips start hitting the market.
Right now, it is unknown if hackers have been able to carry out these theorized attacks as neither flaw leaves any traces that they were there. This is leading many businesses to ask what they can do to protect themselves.
At Packetlabs we recommend an “always on” approach to cybersecurity Ad-hoc or even annual analysis is just not enough in today’s digital climate. We offer IT security consulting services to help you protect your organizations most valuable assets – intellectual property and customer data. Contact us today to learn how you can protect your organization from threats like Meltdown and Spectre.