These security vulnerabilities had been present for over 20 years in any computers equipped with modern Intel and AMD processors, meaning that almost all smartphones and laptops are most likely affected. The vulnerabilities themselves can be exploited by malicious hackers seeking to leak personal information, which has led to a flurry of large-scale patches being released by tech companies such as Microsoft, Google and Apple. While these patches have remedied some of the problems, for the most part, they have sparked issues of their own and many users have reported performance issues on various devices as a result.
Business owners have to be particularly cautious when it comes to data security, as they tend to not only their own personal and business information, but also the personal and business information of their customers and clients. Here’s what you need to know:
What Exactly are Spectre and Meltdown?
Meltdown is a CPU vulnerability that allows a user mode program to access privileged kernel-mode memory. So in layman’s terms, this basically means that rogue systems can bypass normal security checks within Meltdown-affected systems to access and read memory. It affects all out-of-order Intel processors released since 1995 with the exception of Itanium and pre-2013 Atoms. No AMD processors are affected by Meltdown.
Of the two vulnerabilities, Meltdown appears to be the easier one to fix, and can largely be addressed with operating system updates.
Spectre, on the other hand, isn’t so much a specific vulnerability as a new class of attack. It’s caused by the unintended side effects of a process called Speculative Execution, which is something processors do where they predict instructions based on activity history and behaviour, then execute those actions in advance. Spectre can potentially allow attackers to extract information from other running processes (e.g. stealing login cookies from browsers).
Intel, ARM, and AMD processors are all reportedly affected by Spectre to some degree, and it’s posing some significant patching problems. While operating system and browser updates can mitigate the risk of Spectre to some degree, a lot of experts agree that the only way to fix it for sure might be a hardware update. This could mean that Spectre may be an ongoing issue in the coming years as companies look for a software solution.
What Does This Mean for Businesses?
So how does all of this actually affect business owners? Well, given that most businesses will use computers and devices powered by Intel and AMD chips, the issues presented by these vulnerabilities could pose a pretty major threat. Hackers in Germany have already started using fake emails to trick people into downloading malware, thinking it’s the latest security updates. They then use this malicious software to steal personal and business information. The loss of sensitive information (especially customer information) could seriously slow down business operations or even halt them altogether.
The underlying issue of software patches from Apple, Google and Microsoft causing major performance issues within computers and smartphones could also prove to be a challenge for business owners. Underperforming equipment could impact workflow and efficiency, potentially leading to lost customers and profits.
How to Tell if you are Affected or Have Been Hacked
The worrying thing about Spectre and Meltdown is that all processors made in the last 20 years are all affected. This is probably due to the major processor manufacturers, Intel and AMD, focusing on speed and performance, pumping out newer, faster and more powerful models year on year without giving as much consideration to the security aspects of the chips.
Most common smartphones, laptops and computers will use these chips. If you’re what processor your device has, you can check the “About” section in the Settings menu and it will give you the specs, alternatively, you can contact your manufacturer. If you think you have been hacked already, it’s best to take your device to the provider (like an Apple store) or an IT professional to get it looked through. It’s also worth checking what software version you have installed and the notes for previous updates as well as if there are any new updates available. Always keep your software up to date as they will often have important security features in them.
How to Remove the Vulnerability
There is still no surefire fix, but first things first: update your software. While not always a sure fix, each update is getting closer so it’s important to keep your system up to date. Unfortunately, allowing for these new updates to roll out onto your computer or phone can negatively affect the performance of your system, however, this doesn’t apply to everyone. If you are running Windows 10, Microsoft has stated that you will not notice the slowdowns. However, if you are using a system with an older processor or operating system, the slowdowns will be noticeable.
Do NOT avoid these updates. Intel is working to reduce the performance impact of these updates, and this breach in security needs to be filled. There are still rolling updates as companies continue to bulk up the security, so make sure you keep your system up to date. While some of these updates are still a bit buggy, they are being released and reviewed regularly.
Always ensure to install updates directly from your computer’s manufacturer, as well as browser updates. Do not install any software from publishers you don’t know. Another precaution you can take is to contact your local IT specialist and get them to run a PowerShell script created by Microsoft, which tests any updates that are attempting to mitigate Meltdown or Spectre to ensure they won’t cause any performance downgrades when they’re installed on employees’ computers. Additionally, some anti-virus programs such as Symantec will install patches to eliminate any of these updates that may slow down your devices.
Is This a Big Issue?
Yes. The magnitude of this security breach is huge, with devices being affected on a global scale. While there is good news in that the major manufacturers, AMD and Intel, and companies like Apple and Google are on to it now. Patches have been released that will somewhat fix the vulnerability, but the scary thing is that Spectre and Meltdown have been present for a long time and your computer may have been affected without you knowing.
Unfortunately, many experts believe that the only surefire way to protect against Spectre and Meltdown is a hardware upgrade to a generation of chips not affected by the vulnerabilities. While most users will probably be fine with proper internet security behaviour, it’s still worth either doing a security sweep of your system yourself (if you know how) or getting someone to do it for you.
Read more about both Spectre and Meltdown.