Computer Chip Scare: What You Need To Know

January 05, 2018

You may have seen reports in the press of a security flaw in the processors of computers worldwide. This flaw could leave millions of systems vulnerable to hackers.

As the issue is with the microchips this potentially affects almost all laptops, desktop computers, and servers along with smartphones and tablets.

This is the bad news.

The good news is that the UK’s National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited.

We understand that the tech industry has known about the issue for at least six months and that everyone involved, from developers and security experts, had signed non-disclosure agreements. The plan, it seems, was to try to keep things under wraps until the flaws had been fully dealt with.

The vulnerability has existed for more than 20 years but now that it has been made public, there’s a concern that the bugs are discoverable and may be taken advantage of.

A full report on the vulnerability was due later this month, but due to press speculation and the heightened risk because of the flaw being made public, information is being released early.

What’s the risk?

There are two separate security flaws, known as Meltdown and Spectre.

Meltdown affects laptops, desktop computers and internet servers with Intel chips.

Spectre potentially has a wider reach. It affects chips in smartphones, tablets, and computers powered by Intel, ARM, and AMD.

The bug could allow hackers to read and steal information stored on the computer, however, it is the flaw that has been discovered NOT how it might be exploited and therefore the risk is currently unknown.

How do I protect my computer?

There is no direct user action required at the moment. As long as your computer is running the latest patched versions of the ALL of the software that you use then you are as safe as possible.

Device makers and operating system providers have had time to try to fix this and are pushing out security updates which will protect your computer, tablet or phone against a breach that uses the Meltdown vulnerability.

Users should install these updates as soon as they are made available.

Microsoft released an emergency Meltdown patch for Windows 10 on 4 January, it will subsequently be applied to Windows 7 and 8 machines.

Apple will also be releasing a patch soon, although it has not yet said exactly when.

Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update when it comes. Chrome web browser users are expected to receive a patch on 23 January.

Security updates are also in the works for Apple laptops and desktops, though it is not clear whether iPhones and iPads are vulnerable.

Cloud services for businesses, including Amazon Web Services and Google Cloud Platform, say they have already patched most services and will fix the rest soon.

Spectre is thought to be much harder to patch and no fix for it has yet been made widely available.

Will the fix slow down my computer?

Some researchers have claimed that any fixes could slow down computer systems, possibly by 30%, but Intel believes these claims are exaggerated. It said any performance impacts were “workload-dependent” and the impact for average computer users “should not be significant”.

For further information on both Meltdown and Spectre; including access to white papers and technical discussion visit https://meltdownattack.com/

For official security advice from affected companies visit;

Intel – https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Microsoft – https://portal.msrc.microsoft.com/en-us/security-guidance

ARM – https://developer.arm.com/support/security-update

Google – https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

Amazon – https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

 

 

Share To:
Pinterest Linkedin
  • FAST RESPONSE

    15-minute response time

  • NO LONG-TERM CONTRACTS

    Low Risk & Complete Flexibility

  • CLIENT FOCUSED

    An Extension of Your Business