CPU flaws Spectre and Meltdown: What to do about it?
Two words – Meltdown and Spectre have been the subject of news, discussion, and speculation as these CPU flaws were discovered recently. Processors are integral to all modern computerized devices. This is why the discovery of these chip-vulnerabilities has caused much panic and confusion. These flaws can enable hackers to steal sensitive information.
How these flaws impact your information
These security loopholes called Meltdown and Spectre concern chips in computers, smartphones and tablets that were built post 1995. The vulnerability could allow attackers to access device memory making it easy to steal information like passwords, banking information, encryption keys etc. Affected chip companies like Intel, ARM and AMD are already in damage control mode, rolling out patches, updates and information daily on the state of things.
Security researchers at Google’s Project Zero discovered these flaws along with academic and industrial researchers. Unfortunately, these defects don’t just impact personal devices. But also, servers, cloud computing platforms like Amazon Web Service(AWS) or Google Cloud, and data centers.
Where Spectre can allow hackers to trick the processor into starting a speculative execution process. This lets them read the secret information the chip provides when it tries to guess what function the computer will execute next. Meltdown lets attackers tap into the information via the computer or device’s OS such as Microsoft Windows or Apple’s High Sierra.
In response, Apple has released several new security patches to defend Safari and Webkit from potential attacks. Microsoft too released updates for the Windows OS and its browsers with a caveat that antivirus software needs to be updated to support the patches. However, Microsoft’s Spectre-fix has led to unbootable PCs in some case so the patches have been temporarily halted.
Intel is the company most affected by this discovery. Intel has promised patching 90 percent of the vulnerable processors within a week, and the rest of them by the end of this month. Meanwhile cloud service providers such as AWS are also rushing in to fix the flaw by releasing patches and updates.
One major pain point with these updates and patches is the performance slow-down of processors, PCs and cloud servers resulting in poor performance overall.
The implications for businesses and personal users
There is no sure-shot remedy as of now but the following best practice measures can help you lower the risk.
Update your systems
Download the latest, secure patches for your browser and OS. This may mitigate the risks to a certain degree.
Educate your employees
Employees must be both aware of the threats and wary of any suspicious activity on the internet. They must exercise caution when responding to screen prompts and while opening email attachments.
It helps to be informed and educated about the next steps and mindful of any security releases. Keep checking for updates and information from relevant channels for releases and patches.
It is a little early to predict the impact of the Spectre and Meltdown aftermath. But where security is concerned, forewarned is forearmed. Keeping your systems updated is half the battle won. Every business needs a security posture with steps in place to protect the data and network. And some provisions for recovery and data backup.