Just this past week, the Software Engineering Institute announced that computer chips in most technology is vulnerable to a cyberattack – allowing bad actors the ability to access and exploit sensitive data stored on smartphones, tablets, desktops and even the cloud.
The code name for the two chip vulnerabilities: Spectre and Meltdown.
This blog will address what these threats are, how you can minimize your exposure to them and what to expect in the coming days and weeks.
What is Spectre?
Spectre is a vulnerability that forces other programs on a user’s operating system to access an arbitrary location in the program’s memory space. Spectre is not just one vulnerability, it is an entire class. It centers on branch prediction, which is a part of speculative execution, which makes it dangerous for most systems.
What is Meltdown?
Meltdown is the more serious exploit, and the one that operating systems are rushing to fix. It breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. This flaw affects Intel processors because of the aggressive way they handle speculative execution.
What Can You Do to Stop it?
While there isn’t a general patch for all systems, you should know that Apple, Google, Amazon, Dell, Intel and others are working hard to roll out interim solutions to these vulnerabilities.
However, here are three things you can do today to help:
- Update your operating system and software.
Make sure you are at the latest levels, as they will provide a partial fix for now. Microsoft, Google and Apple have already issued fixes, while Intel and Dell are working hard to come out with patches very soon. As we have stated repeatedly, upgrading to the latest software provides better security to you and your organization.
- Only download software from trusted sites.
Don’t allow users to download apps, PDFs or click on hyperlinks, unless they have been approved by your organization.
- Hire a cybersecurity company.
Have them test, audit and implement changes within your organization. The right company can identify the risks and vulnerabilities within your IT infrastructure and help you put a plan in place to monitor and address your problems.
What is the Downside?
According to user postings on Linux message boards, these patches may slow down your device by as much as 30 percent. Why? Because the removal or reduction of speculative execution on the chips will bring hardware levels back to the way they were 10+ years ago.
In order to truly get rid of this vulnerability, the processor chips need to be entirely redesigned which may take years to accomplish, according to Sitaram Charmarty, a security researcher for Tata Consultancy Services.
Shellproof Security Can Be Your Upside
While all this news may sound startling and scary, call and let the staff at Shellproof Security walk you through the best way to proceed. Our experts are available at 212-887-1600. Learn more about the ways we can serve your small to mid-sized business.