What Are Spectre and Meltdown?
In a bombshell report as we entered 2018, researchers revealed that nearly every computer chip is affected by a set of vulnerabilities called Spectre and Meltdown. The impact is so widespread because it’s not a software issue from one developer, it’s a flaw in the way computer chips were designed. All devices, including those made by Apple, Microsoft, Google, Amazon and others, share a similar chip structure. What’s more, the flaws extend to servers, including Amazon Web Servers and Google Cloud.
How Do They Work?
Your computer’s CPU (its brain) does something called “speculative execution”. It’s part of the way processors were first designed, over 20 years ago. When your computer notices you do a task often, it tries to complete that task in the background, so it’s ready before you need it. This speeds up your experience and makes your work easier.
Imagine strolling into your local coffee shop where they know your order is the same every day. Eventually, they anticipate that you’ll be arriving at 8am sharp and have your coffee ready on the counter. However, if you change your mind and decide to order something else, they’ll need to throw that coffee away.
Your CPU is doing the same thing. It’s loading information like your credit card number or passwords, ready for you to do your usual tasks. If you change your routine and that information isn’t needed, your CPU throws it away. Just like at the coffee shop though, the trash doesn’t disappear immediately, so your credit card number and password are simply sitting there in a section of memory called the ‘cache’, waiting to be cleared away.
The Spectre vulnerability allows attackers to trick the processor into performing these speculative operations (loading up your private data), so that Meltdown can scoop it up from the trash.
How You’ll Be Impacted
Fortunately, this vulnerability isn’t easy to exploit, and there have been no known attacks as yet. However, when the researchers went public with their discovery, it also alerted hackers to an opportunity. For them to get access to your system at this level though, they would first need to infect your computer with malware.
Developers Are Releasing Emergency Updates
Most major companies such as Google, Apple and Microsoft were able to issue security updates before the flaw was announced. They’re also working closely with Intel, ARM and AMD, the main chip manufacturers, to mitigate the problem via software.
Recall how the flaw exists due to speculative execution, a process designed to speed up your computing experience? The patches and updates are changing the way your CPU uses memory, essentially putting the brakes on this shortcut. Developers are aware that slowdowns will occur but aim to keep the impact to a minimum. Windows 7 and 8 computers will be the most impacted, but Windows 10 is safer from Spectre and Meltdown. Microsoft was quick to release updates for Windows 7, Windows 8.1, Windows 10 and various Windows Server versions. Updates for older operating systems and are not being released.
How You Can Stay Protected
As any attack will first need to come through malware such as viruses, be extra vigilant with your virus protection. Update your antivirus software regularly and set your system to run full scans each week. Likewise, keep an eye out for phishing links that don’t look quite right.
Run All Updates
While nobody likes the idea of their computer slowing down, not even a fraction, it’s better
than having your credit card details or passwords stolen by a hacker. Be sure to run
updates as soon as they are released.
Microsoft has advised that patches and updates aren’t the complete fix to the Spectre and Meltdown vulnerabilities, suggesting you also update your BIOS and firmware. As this can be a tricky process, we recommend that only trained technicians do this.
Upgrade Your System
If your system is too old and won’t receive an emergency update, you’ll need to upgrade. This might mean switching to a newer smartphone, faster CPU or supported operating system.
Where to Now?
As dire as it all seems right now, this flaw has been around for over 20 years. The sky isn’t falling and there’s no reason to panic. Remember, there have no known instances of a Spectre/Meltdown attack yet, the tech world is simply closing ranks against hackers to ensure your risk is minimized. Developers and manufacturers are working together to help protect your system, and so are we. You’re in good hands.
Our Service Plans can help keep you safe from Spectre/Meltdown.
Call us today on 715-255-0325 to discuss.