I had just finished uploading a piece I’d written on cybersecurity in 2018 when news broke that security experts had discovered two major security flaws in the microprocessors of nearly all computers and smartphones ever built. The small tingle of validation I felt at having been so ‘on-trend’ with my writing was immediately eclipsed by the panic-attack that followed thinking about how every device I own was now potentially compromised.
Now that I’ve had some time to digest what happened and have consulted our internal IT Security team on what I should be doing, I’d like to share with you some non-panic related information and tips.
Spectre and Meltdown
The best way to think of Meltdown and Spectre is as different techniques a hacker can use to exploit a device’s microprocessor, i.e. the small chip inside every computer or electronic device that carries out the instructions of a computer programme.
While a processor’s main function is to simply perform calculations that instruct applications on what they should be doing, over time, they end up storing small units of information (passwords, encrypted communications, etc.). It’s unwanted access to the information stored in our microprocessors that has everyone worried.
As techcrunch.com reports:
“Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory […] Spector affects Intel, AMD and ARM processors, broadening its reach to include mobile phones, embedded devices and […] anything with a chip in it.'
For those wanting an answer in English: Meltdown essentially weakens your processor’s ability to separate and protect memory space, as well as making the processes by which your computer stops malicious software from spying on your data unreliable. And Spectre gets applications to disclose information that would normally be secured safely inside a processor’s protected memory area. Both are quite difficult to pull off - from a hacker’s perspective - however, Meltdown is much easier to perform than Spectre.
Am I affected and how can I fix it?
Yes – you’re affected. It doesn’t matter what software platform you’re running, Meltdown and Spectre are hardware issues, so everyone is unfortunately in the same boat.
Long-term and full-proof solutions to both Spectre and Meltdown are going to take time. Having said that, Microsoft has already issued an emergency security patch through its Windows Update and automatically applied it to all Windows 10 users. Those that are running older and supported versions of Windows will see updates trickle through all the way up until next Tuesday (this is especially true with Windows 8).
If your IT is managed by Advantage, we have already conducted all the security updates and reviews available at this point in time to ensure your IT infrastructure is as secure as it can possibly be.
For those of you that are not currently with Advantage and are unsure as to how up-to-date and secure your entire IT ecosystem is (hardware and software combined), we encourage you to get in touch with us immediately.
For those of you concerned about your personal devices (laptops, tablets, phones, etc.) the best thing you can do is make sure you stay up-to-date with any software updates your platform provider pushes your way. For an extra layer of security, where possible we encourage you to activate two-factor authentication on all your important accounts (email, bank details etc.) and change your passwords. With passwords, make sure to change them to something that is complicated and not repeated on various accounts.
Stay safe and don't forget to make security a top priority in 2018!
Words by Camilo Lascano Tribin