CompuClever Blog

Spectre and Meltdown: Massive Security Holes Impacting All Mac and PC devices

by

Just as we start a new year, there are new computer vulnerabilities identified by researchers. The impact of these defects could be experienced by almost any computer worldwide! The implication – millions of devices could be vulnerable to hacking or, if patched, suffer some degradation in speed.

The identified flaws are in the very core of the computer hardware – the CPUs or also known as the processors.

About The Defect

The two newly identified defects have wide ranging impacts on devices from the phone you are carrying to the servers that send data to it as well as other mobile devices, laptops and desktops whether PC or Mac. The vulnerabilities enables hackers to access people’s personal information.

Google’s Project Zero team states that these flaws can enable hackers to gain passwords and other sensitive data from system memory.
The two flaws are known as Spectre and Meltdown.

Meltdown: Named this way because it melts security boundaries which are normally enforced by the hardware. This was found mostly in Intel processors (as far back as 1995). Also ARM has reported their processors are affected, but it is unclear at this time if AMD processors are affected. This vulnerability can be patched through an update. However, this fix could slow down computers as much as 30%.

Spectre: The name is derived from the root cause: speculative execution. It is not easy to fix – it requires a re-design of computer chips – so it is likely to haunt us for some time to come. This defect was found in Intel processors as well as AMD and ARM chips. While this flaw is harder to exploit for hackers, it is also more difficult to mitigate for users.

For more information on these we highly recommend going to: https://meltdownattack.com/

The Impact

Google engineers discovered these flaws and had kept the news a secret to enable time for fixes to be created and issued before other computer hackers could take advantage. However, Intel was forced to disclose as the story received coverage when a British tech website, The Register, uncovered it. This led to a drop in Intel’s stock.

These flaws have wide ranging impacts on all types of chip-based devices including cell phones, laptops and desktops – whether PC or Mac.

According to researchers:

“While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs,”[1]

News reports are emerging that any computer made over the last 20 years could be impacted and that fixing the issue could cause significant disruption around the world. So in a nutshell, it is almost certain that your PC is affected, especially if it uses an Intel based chip.

Companies such as Amazon state they are in the process of creating and distributing a fix for their services and devices. They made a statement: “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.”[2] They further stated that most of its infrastructure had now been made safe.

However, for older computers the update could be more difficult. Many devices have few updates as phone makers are slow to provide updates.

Risk Mitigation

It is not safe to work with sensitive information given there is a chance of leaking information if your device has a vulnerable processor and runs an unpatched operating system. This is applicable to personal computers and anyone using cloud infrastructure.

To deal with these defects you will need to update your software as patches become available.

Unfortunately, with older computers it may be harder to update. For many devices – especially those running Android – updates are few and far between since phone makers are often slow to provide their customers with new updates.

According to the Meltdown site:

There are patches against Meltdown for Linux , Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

The site goes on to explain that unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your Antivirus program may detect malware whichuses the attacks by comparing binaries after they become known.

We highly recommend that you ensure using a legitimate and effective Antivirus program such as: CompuClever Antivirus PLUS.

Brace for a Slowdown

To add salt to the wound, your device could be slower after you have made it safer from hacks. Hard to imagine – you fix your device and it actually results in a slowdown!

Intel says the average computer user won’t experience significant slowdowns after receiving the fix.

However, there are news reports[3] that state fixing these defects will slow performance – especially for devices more than five years old. And for companies that deal with considerable network traffic and processing power the slowdown could be even more severe. This includes cloud computing providers, systems that crunch data, and retailers that process consumer transactions.

Was there ever a time that having your PC running at peak performance was more critical?

Which brings us to our second recommendation: CompuClever PC TuneUp Pro – not only will you find areas of improved system performance you can also better manage security of sensitive data.

Moving Forward: There are reports[4] that point out that some experts are saying the affected processors will need to be replaced entirely in order to completely get rid of the risks created by these flaws. We can’t foresee newly designed chips replacing flawed ones in existing devices in the near future.

At present, there are no available processors that can replace the vulnerable ones and still provide the same kind of functionality. It will be years before new chips that can perform the same tasks safely and effectively, will be made available.

During the wait we need to take whatever measures we have that are at our disposal, to remain safe and to ensure the best performance we can manifest.

[1] https://meltdownattack.com/

[2] https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v1/

[3 & 4] http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html