A critical security flaw has been discovered inside billions of computer processor chips, which has the potential to impact digital device users across the world.
At this point, both Microsoft and Apple devices are at risk, with other manufacturers yet to indicate their exposure.
The flaw is the result of fundamental function design that enables chips to run faster by simplifying processes for information exchange, which dates back to 1995 – more than two decades of devices – and affects both computers and smartphones.
Using data stolen from an affected device, a criminal could compromise and drain your bank account and credit cards, commandeer social media accounts, disable mobile or home internet services, hijack Apple App Store or Google Play accounts, and even steal a person’s identity, which is then used to acquire financial credit or services under the victim’s name.
The impact of this flaw could affect billions of devices worldwide, at various levels of deployment: from personal devices, to business and enterprise, even government and essential services.
Meltdown and Spectre
Actually two flaws that function in the same way, this new flaw has been dubbed ‘Meltdown and Spectre’: one allows communication between an app and the user’s system; the other, communication between apps, respectively.
The flaw can be exploited when a user visits a malicious website or downloads a malicious app to their device. The website or app then executes a series of simple requests that unlock the deepest and most secure level of memory (kernel memory) of the device to extract any data stored within.
This data could be sensitive personal information, credit card details, and usernames and passwords for various websites, services and systems.
Who is affected?
While first reports indicated the flaw only affected computers that use an Intel processor – Windows systems and some Mac computers – it is now believed the issue affects other chip manufacturers as well.
Intel was quick to issue a statement in response to “inaccurate media reports”, saying, “… reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” and that “many different vendors’ processors and operating systems – are susceptible to these exploits”.
Other manufacturers – such as Apple, Qualcomm, HP, Acer and others – were yet to respond at the time of writing.
At this point, AMD has announced their processors are unaffected, despite Google’s indications to the contrary.
Rob Graham, digital security expert and ‘white hat’ hacker, has said Meltdown and Spectre, “is an incredibly important flaw that is forcing a redesign of both CPU hardware and operating-system software that we use.”
Mr Graham also stated that, “as long as they keep their software up-to-date with the latest Microsoft/Apple patch, the average user doesn’t need to care about the Meltdown/Spectre attacks.”
There is industry speculation that a fix for the flaw could result in a processor speed reduction of close to 30 per cent. Intel has indicated this is incorrect, stating the figure would be closer to 3 percent.
What to do
First off, don’t panic. It is possible for your device to be exploited when you simply visit a malicious website, yes, but considering the flaw is freshly announced, it is unlikely any websites have been compromised.
Software manufacturers are currently working on security patches that will be available shortly – expect them very soon.
To manually check for an update on a Windows PC:
- open Internet Explorer
- select Tools from the top bar menu
- click Windows Update
- on the Welcome to Microsoft web page, click Check For Updates
- follow the prompts as they apply to your system
To manually check for an update on a Mac:
- launch the App Store application from Apple menu icon, top left
- next, click the Updates icon on the right of the menu bar
- if there is an available OS update, click the UPDATE box on the right
For smartphone users:
- Open your device’s Settings app
- Navigate to: System > System Update (Android); or General > Software Update (iOS); or Settings > Phone Update (Windows)
If your computer or smartphone operating system has auto-update feature, switch this on to automatically receive the update when it becomes available.
Also note that antivirus software will not detect Meltdown or Spectre attacks.