PC and Mac’s latest threat: Spectre and Meltdown demystified
In recent years, increasing numbers of PC and Mac users have begun coming to an epiphany in regards to digital security. Computing has changed, from a world of basic wonder, to a universe of connected services, powered by advanced processing, the likes of which, few visionaries fifty years prior, had predicted.
With exponentially greater power, alas come exponentially growing threats, with some very hard to dodge by the tech-savvy as well as the uninitiated. The vast majority of such malware reaches unsuspecting users remotely, largely using email spam, contaminated hyperlinks, and social media.
What are Spectre and Meltdown?
This week, reports have surfaced about two serious security bugs, called Meltdown, and Spectre. It’s important to distinguish between bug and malware. These security flaws were not manufactured, but are rather the result of faulty engineering occurring over the course of 20 years of development.
Both bugs act in similar fashions, by allowing intruder malware to potentially break the barrier between secure programs and processes, and steal their secrets directly from their memory. For instance, when typing, words are temporarily stored in memory blocks that are sealed off from the rest of the operating system. This is true for any application, from Microsoft Word, to a password field in a browser.
This means that an attacker with considerable knowledge of how to exploit these flaws, would have no trouble gaining access to information such as banking logins and passwords, PIN codes, and even the ability to intercept two-step authentication codes in transit, hence rendering two-factor authentication barely as secure as regular old password prompts
No known exploits have been reported so far, but a possible scenario would play out through traditional phishing attacks, such as a bogus website where an unsuspecting user would inadvertently run Javascript containing malicious code designed to exploit the bugs, and install malware onto the host machine. Such code would only need to run once, and without user interaction, aside from the website loading process.
What systems are affected?
Owners of systems powered by Intel processors between 1995 and now are all affected by both bugs, with the exception of Intel Itanium and Atom prior to 2013.
It’s not clear whether any AMD or ARM powered system are affected, but AMD has issued statements that would suggest their processors are safe from potential exploits. Needless to say, this information may change at a moment’s notice, given the volatility of these security threats, and the varying degrees of knowledge from each source.
What can you do about it?
Security patches are being issued by both Microsoft and Apple, and by keeping your system up to date, the risk of potential exploits through Meltdown or Spectre can be minimized.
What’s the likelihood that my system will be affected?
At this stage, the chance of either flaws being exploited, and affect users, are extremely few. Both bugs have been published extensively, and with this knowledge, the landscape of both software and next generation hardware, will likely adapt to eliminate the possibility of future exploits.
Where can i find more information about Meltdown and Spectre?
The following website was set up recently, to provide information about these two security threats:
https://meltdownattack.com/
Ready to shop?
PortableOne has the best deals on Windows 10 Pro laptops, featuring the latest hardware-based security features, and full BitLocker encryption to protect your files from prying eyes.