On Jan. 3, researchers revealed two cybersecurity flaws present in nearly every device you own. These flaws allow hackers using malicious code to steal your passwords and other personal information. Dubbed Meltdown and Spectre, the exploits take advantage of flaws in the design of basically every device’s microprocessor.
Here’s what you need to know:
Are all devices really affected?
Meltdown affects all Intel chips, which are used in most PCs, and some ARM chips, which are used in most smartphones. Spectre affects those chips too, as well as designs from Advanced Micro Devices (AMD). This means the flaws potentially extend to nearly all devices powered by those chipsets, including desktop computers, laptops, smartphones, tablets and servers that run cloud services.
Cloud computing services are especially at risk because each server on a cloud service is typically shared by a number of different customers. This means that by taking advantage of the Meltdown flaw, a malicious actor could simply load software onto a cloud server and then potentially grab sensitive information from anyone else who is storing data on or accessing that server.
Phones, tablets and computers are more difficult targets because hackers must first get their software onto the device. For this reason, it’s important to be cautious of malicious or copycat apps or websites.
What can I do to protect myself?
First update your operating systems and apps like your web browser and antivirus software. Also consider installing an ad blocker. Most websites don’t have strict control over the ads that appear on their sites, and malicious code can sometimes appear inside ad networks. Companies will continue to release additional patches for these issues, so update often.
No incidents of hackers exploiting these vulnerabilities “in the wild” have been reported yet, but it’s only a matter of time – so don’t wait to protect your information.
Will I need to replace my hardware?
While the U.S. Computer Emergency Readiness Team (CERT) initially believed that total hardware replacement would be necessary to completely protect against Meltdown and Spectre, it now recommends users “apply updates” as the solution.
Still, others say that in the long term, Spectre may in fact be impossible to defend against entirely without updating hardware. Thankfully, Spectre is much harder for hackers to exploit.
What patches and updates exist?
CERT has compiled a helpful list of cybersecurity patches published in response to the vulnerabilities. They will continue to update the list as more updates are available. You can access it here.
For our fellow tech folks out there: MITRE has reserved three CVE designations, which will be updated as more information is available:
Will applying the patches slow down my device?
The researchers who uncovered the security issues said that, in regards to Meltdown, patching systems could slow them down by as much as 30 percent in certain situations. Intel countered in a statement that, “[c]ontrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Some experts claim that patches for Spectre will negatively impact CPU performance to a greater degree than Meltdown patches. We expect to see more research on this in the coming days.