There are new bugs affecting nearly every computer and device. Their names are Meltdown and Spectre.
Have you heard the news stories yet? This week, there has been an avalanche of reports of massive security issues surrounding bugs.
Here’s what you need to know about Meltdown and Spectre–the two huge bugs that affect almost every computer and device out there.
Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on your network, including workstations and servers.
These bugs, Meltdown and Spectre, allow critical information stored deep inside computer systems to be exposed. Which means, the bugs open up a gateway for hackers to get into any computer system affected by the bug.
Meltdown breaks isolation between the user app and the OS. It affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. This breakdown allows the app to do a memory dump and steal any data in it.
Spectre goes further by breaking the isolation between apps. Spectre affects Intel, AMD, and ARM processors, thus broadening its reach to including mobile phones and pretty much anything with a chip in it.
So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
Who is affected? The short answer: pretty much everybody.
Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable.
The good news is that the attack is easiest to perform by code being run by the machine itself — it’s not easy to pull this off remotely.
So, what can you do about this?
You need to update and patch all machines on the network. This is going to take some time, some of the patches are not even available yet. You also may have to replace some mission-critical computers to fix this.
It’s worth noting that there won’t be a “recall.” If this flaw affected a single device, like the battery problems in Samsung’s phones a while back, a recall would make sense. But this is an issue that affects millions, perhaps billions of devices.
In the meantime, you need to be extra vigilant, with security top of mind and Think Before You Click.
If you have any questions, please feel free to reach out to the MRW Systems team at 410-751-7111. Our NetGarde Security Professionals work with our clients to ensure their software is always up to date, and that all avenues for digital entry to your network are protected.