“Hide your tablets, hide your PCs!”
There’s a big freak-out going on in infosec and mainstream media over two major vulnerabilities dubbed ‘Specter’ and ‘Meltdown’. But what do these catchy names mean for you?
I’m here to tell you that they’re actually kind of a big deal, however I wouldn’t go stomping on your devices quite yet.
“Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data—including passwords and other sensitive information—on desktops, laptops, mobile phones, and cloud networks around the globe” Washington Post.
To be clear, this isn’t an iOS vs. Windows vs. Android issue. Pretty much no device is out of the woods. Even worse is the fact that for Spectre the solution isn’t as simple as patch-and-be-done.
“There’s no complete software patch for Spectre right now” said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company, to the Washington Post, “The long term solution may rely on a hardware redesign, with software patches acting to monitor and stop malicious behavior. In the meantime, criminal actors and nation states could further develop the Spectre vulnerability, making attacks easier to execute.”
What? Okay, so what he’s saying is the physical component in the computer would need to be changed in order to fully eliminate the possibility of someone getting into your system. Therefore the only solution they can offer at this time is the equivalent of installing a security guard on the inside of the door to sit there, watch, wait, and pick off intruders as they try to enter. Not the most optimal solution, but at least it’s something.
The other vulnerability, Meltdown, has to do with Intel processors made after 1995. There are patches out there by many of the major players (Apple, Windows, etc.) to defend against bad guys taking advantage of the flaw, but they could come at a cost—a hit of up to 30% computer performance. That being said, there hasn’t been much of a report of people experiencing a slowdown so hopefully you and your devices won’t actually notice a thing.
Okay, Stacey, so what do I need to do?
You should keep doing the same thing you should have been doing all along—keep your devices up to date. If there is an update available for your phone, tablet, or PC, install it. That includes updates for your internet browsers and other programs as well. Taking a potential hit in the speed of your device is better than risking someone snooping your personal information. To date nobody has reported an attack that has capitalized on these two vulnerabilities, but you better bet that there are plenty of hackers out there trying.
Want a more thorough explanation of Spectre and Meltdown? Check out the video below from SANS Digital Forensics and Incident Response: