On January 3, 2018, Intel announced that most of its chip processors that run the world’s computers, tablets and smartphones have a feature that makes them susceptible to hacker attacks. The flaw also affects Internet browsers and cloud computing services like Amazon Web Services, Microsoft Azure, and Google Cloud. Specifically, the problem is that processors have the ability to guess what data is going to be needed next by an application and load it into cache memory ready to be executed. The security flaw extends beyond Intel to include AMD, and ARM processors. Older PCs with older processors could see a noticeable difference in their processor speeds.
Google Researchers discovered Meltdown and Spectre
Google researchers last year discovered the weakness, which gives hackers the ability to read data stored in the memory that had been thought to be secure. In a worst-case scenario, exposed data accessible by the hacker might include passwords and credit card details. The news leaked which sent companies scrambling to find a fix immediately. The security flaw affects Intel, AMD, and ARM processors.
The two named vulnerabilities are called “Meltdown” and “Spectre“. Meltdown allows a hacker to access the central memory of operating systems like Windows, Linux or MacOS. It can be repaired by applying a patch to the operating system. The second is Spectre does not rely on the operating system and therefore cannot be patched.
As reported in the Financial Times, Tod Breadsley, director of research at Rapid 7, says the flaws were among the most significant hardware vulnerabilities ever discovered. Despite this, he said it would be easier for hackers to use other ways to exploit sensitive data like emailing links to malicious software. These hardware vulnerabilities are more likely to be exploited by nation-state hackers.
Despite the seriousness of the vulnerability, Mr Breadsley said hackers would find traditional techniques easier for exploiting and accessing sensitive data, For instance, sending links to malicious software by email is much simpler than using this flaw in the hardware. Breadsley says the Meltdown and Spectre vulnerability would more likely be used by sophisticated nation-state hackers for espionage.
Installing patches and performance issues
Patches are either available or coming very soon for Linux, Windows, Apple MacOS and Google. Unfortunately, chip processor companies must also release updates to fully fix the security flaw. Intel released a statement recommending users “check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available.” Unfortunately, according to a report from The Register, users that install the Microsoft patch could expect the performance of Intel chips to slow down by as much as 30%. Some applications will not have performance hits while others will be severely hit. Applications with repetitive processes like databases and analytics will be harder hit.
Cybersecurity professionals and firms need to be diligent ensuring all relevant security patches are installed as soon as possible. According to Katie Moussouris, founder and chief executive of Luta Security, hackers will be trying to exploit the flaws before patching is completed:
“I expect to see the weaponization of this in the organized
crime sphere very, very soon,” she said. “The criminals who
were attacking people with ransomware and bitcoin miners
will turn to using this to take over computers and steal
What you can you do?
To safeguard against the security flaw, you should ensure that you are up-to-date with security patches. Linux, Android, Apple’s MacOS, and Microsoft’s Windows 10 have all released fixes.
Currently, Spectre does not have an easy fix. The best way to safeguard against exploits is to check for regular updates to their operating systems issued by Microsoft, Apple, Linux and Google for computers and devices as they discover new Spectre-related attacks.
Initial results for the Meltdown and Spectre bugs indicate there are performance hits after patches are installed on various operating systems. Performance will improve as companies issue future updates. Also, as more developers contribute workaround and creative solutions to solve the flaw, improve will increase. For the time, it is better to be safe and secure than putting your system at risk to be exploited by hackers.
It is also advisable to get professional help for security professionals and firms due to the complexity and daily updates associated with the Meltdown and Spectre chip flaw.