Sean Bryant, Clark.com
By now, you’ve probably heard the terms Spectre and Meltdown brought up in the news. But do you understand what they are and how they can affect the technology you use daily?
Understanding Spectre and Meltdown
Spectre and Meltdown are design flaws that were found in chips from Intel, Arm, and AMD. The flaws could potentially give hackers the ability to access the memory on your devices and steal passwords and other types of sensitive information.
“These are cyber-attack techniques that seek to exploit operating system technologies that normally function safely, as designed, but researchers have cleverly identified a way to use these benign technologies for malicious purposes,” says Gary Davis, Chief Consumer Security Evangelist at McAfee in a recent blog post. “They basically manipulate the protections that separate applications from operating systems, as well as applications from other applications running on the same computer.”
These flaws can affect everything from your phones to personal computers and servers. Plus, it’s so widespread that it could affect technology that’s up to two decades old.
What Do Spectre and Meltdown Mean For You?
While this is certainly a big issue for chipmakers, it doesn’t mean you need to start panicking. Intel, Arm, AMD, and others have already been working on fixes. These will help to reduce your vulnerabilities in the future.
The biggest impact that consumers might face is hardware performance. Intel has said that the fixes they are releasing could slow devices down by as much as 30%. However, most will only see a modest decrease is operating speeds.
If you’re worried your computer or phone might have been compromised because of these flaws, you can rest a little easier. Both Intel and Arm have said that no one has been hacked because of flawed chips. A hack would require malware to be present on the device. Otherwise there would be no way to actually extract information.
“The malware that exploits this security hole actually has to get on the computer for the hacker to pull passwords, says Leia Shilobod, CEO of InTech Solutions, Inc. “If you have good browsing habits and are cautious with email, it will go a long way to keep you safe.”
To insure your device stays safe in the future, it’s important that you follow these tips based on the devices you own, thanks to CNET.
PC’s With Windows Operating System
If you have a PC that runs on Windows 10, it should have automatically downloaded and installed updated software. However, you will want to double check your settings to make sure this actually happened. You can do this by following these steps:
- Click on Settings
- Click Update & Security. If you see an update waiting to be installed then you probably don’t have the fix and you should update immediately.
- If there isn’t an update waiting to be installed you can select Update history and there should have be something from the first week in January 2018.
If you are currently using a Mac then you should have noticed system updates pop up on your screen. The High Sierra 10.13.2 update included a few different fixes for the flaws. If you haven’t updated to the latest Apple operating system, make sure you do so as soon as possible. This will help to reduce your vulnerabilities.
If you need to look and see if there are any updates available, you can follow these steps:
- Click the Apple button on the left side of the top menu bar.
- Next, select about this Mac. This will tell you which version of the operating system you are running. If it’s not at least High Sierra 10.13.2, then you should continue with the next step.
- Visit the App Store and click the update button. This will update your Mac to the latest operating system available.
iPhone and iPad
In early December Apple released iOS 11.2, which included several patches for the flaws that were discovered. If you are unsure what version of operating system you are currently using, make sure to follow these steps.
- Go to Settings.
- Click General.
- Click About.
- Scroll down and make sure the version is at least 11.2.
If you are not on at least 11.2, go back to the General menu and select software update.
Google announced that it released a software update on January 5 which included several protective patches. If you have a Nexus 5S or Nexus 6P, your phone will automatically download the new software and when prompted you can complete the install. However, if you have either a Pixel or Pixel 2 then not only will the updated be downloaded, but it will also be installed automatically.
Google Chrome, Mozilla and Microsoft
Finally, you are going to want to make sure you are surfing the web with the latest web browser. On January 23, Google Chrome will release it’s latest version. This is expected to include several mitigations to protect users against different web-based attacks.
Both Mozilla and Microsoft will also be releasing browser updates. Mozilla has already released the first of two updates designed to reduce vulnerabilities. Microsoft will be releasing their updates for Internet Explorer and Edge soon.
Spectre and Meltdown are vulnerabilities that can affect everything from your laptops to smartphones. However, by making sure you stay current with software updates and proactively running your antivirus tools, you and your information have a greater chance of staying safe.