Earlier this month information regarding a newly exposed hardware security threat became a widespread news story. What had previously only been known to overly informed tech aficionados became mainstream, as cyber criminals have been exploiting features that are common within the microprocessors that power most of our computers, smartphones, and other pieces of tech. These attacks are known as “Meltdown” and “Spectre, and they have justifiably raised concerns among many people and businesses.
Technology industry leaders are hard at work focusing on ways to reduce the risks of these potential attacks. You shouldn’t be too worried about these vulnerabilities. However it is important to make sure that your software is updated, and that you understand what risks these attacks pose.
Meltdown and Spectre Explained
To understand these vulnerabilities, you must first have a basic understanding of how computer chips operate. We require much from computers, and in order for them to keep up with these challenges, computers must think a few steps ahead, which is known as “speculative execution”.
An example of “speculative execution” would be when you access the website of your bank on your computer. The computer can analyze the situation, recognize you are going to the website of your bank, and prepare itself to load your password file. The essential piece here is that a wall exists between the tasks your processor is undertaking and the other applications on your computer. However, there happens to be a defect in this wall, and these defects or cracks that exist between the application and the processor are known as “Meltdown”. The cracks in the wall that exist between applications is known as “Spectre”
The good news is that there is a fix to these vulnerabilities; although they do have their downsides. By repairing these vulnerabilities, you in turn reduce your computer’s speed by somewhere between 5% to 30%, which depends entirely on the device being repaired. This reduction in speed is due to the affect that the fix has on your computer’s speculative execution.
Some users likely won’t notice this drop in computer speed, but it depends on the user and what demands they are placing on their processor. Industrial users that tax their computers with massive tasks will be affected most. Meanwhile, casual users that mostly use their computers for social media and streaming sites like YouTube or Spotify likely won’t notice the change.
The biggest issue at hand is how to solve these vulnerabilities moving into the future. Almost every chip that exists from producers such as Intel, ARM, and AMD are affected by these bugs, as well as all of the chips that are being designed at the moment. This means that a substantial paradigm shift must occur within the industry in regard to how these chips are being designed and constructed.
Next Steps to Take
It is highly unlikely that you will be a target of these types of attacks because it is incredibly difficult to exploit these vulnerabilities. A worthwhile analogy would be someone breaking into your car to steal your tablet by totally dismantling your car, taking your tablet, and exchanging it with an imitation tablet in order to ensure that you don’t notice.
It is however very important that you patch your computer with an update, as Microsoft has quickly launched one and there are additional updates in the works from Apple and others. The best method to ensure that you are protected is to stay up to date with all of the updates on your operating systems and applications. Additionally, it will be helpful to delete any data that exists on your computer or phone that might be sensitive. This includes banking passwords and the like.
Chances are good that you are safe from these attacks. However, these concerns are quite broad and affect how security industry professionals and chip manufacturers will maneuver moving forward.