Posted by: Heather Shy on January 5, 2018 at 3:04 pm
What’s That Intel Processor Thing All About? Meltdown, Spectre, and You
Summary: Meltdown and Spectre are major vulnerabilities in central processing unit (CPU) chips that may leave data open to hacking. The problem affects CPUs from several manufacturers, including Intel, ARM, and AMD.
On Tuesday, January 2, The Register (UK) announced a major flaw in Intel, ARM, and AMD central processors, some going back as far as 1995. Without getting too technical, the method that allows these processors to work faster, called speculative execution, leaves “extra” information vulnerable. Some of that information could be confidential, such as user information or passwords.
As Chris Williams, US Editor for The Register explains, “Unfortunately, the chips… do not completely walk back every step taken when they realize they’ve gone down the wrong path of code. That means remnants of data they shouldn’t have been allowed to fetch remain in their temporary caches, and can be accessed later.”
Since then, security researchers have categorized the specific vulnerabilities as Meltdown and Spectre. The basics of what you need to know, however, are similar.
First of all, there are no known exploits to these vulnerabilities. That means that no one has written a virus or malware that can take advantage of the flaw. Yet. As far as researchers know.
Secondly, technology providers responded swiftly and proactively to this issue so far. Microsoft already released a security update that patches Windows, Edge, and Internet Explorer. Apple’s Mac OS 13.2, released in December, also addresses the issue. Amazon and other cloud providers have patched their systems already. Further protections will surely come down the line quickly. We’ll make sure to let you know as we hear about them.
Note that all patches and software updates are workarounds only. This flaw is baked into the actual CPU chips. The problem will require chip manufacturers to redesign for better security, of course. Yet the market demands ever-faster processing speed. Balancing those two requirements for chip design is going to take time, so replacing hardware is not necessarily the best defense at this point. It may become so at some point down the road.
Another problem is that phones and tablets are affected as well. No doubt, OS updates for these are coming as well, but we have not seen any news about this. Keep an eye out for mobile security updates and apply as soon as you see them.
Since the flaw in the chip has to do with a computing process that was designed for speed and not security, patching it means your computer may run slower. Some experts estimate 5 to 30 percent slower.
Still, a slow computer or cloud session is not as ugly as having sensitive data stolen.
In the end, our advice remains the same as for other fast-breaking security news:
- Run security patches and updates for operating systems and browsers as they become available.
- Don’t click links or open attachments you aren’t expecting.
- Avoid questionable web sites.
- Have a managed firewall, along with up-to-date anti-virus and anti-malware
- Partner with a security-focused managed services provider who can help untangle these sorts of messes.
We will continue to monitor this situation closely and let you know as things develop.