Just as the calendar turned to 2018, the IT security world was turned on its head when two major security flaws in virtually all modern computers were disclosed to the public. The two vulnerabilities, Spectre and Meltdown, are flaws in modern processors that allow hackers to steal information from the memory of computer programs. These two vulnerabilities leave all modern computers much more susceptible to malware and hackers. Additionally, they don’t leave any trace when exploited by hackers. In a word, they are catastrophic.
Spectre and Meltdown are two separate vulnerabilities with different symptoms. In this post, we will examine each one and how you can protect your business and information.
Spectre and Meltdown
Meltdown allows hackers to gain access to parts of a computer’s memory utilized by an application and operating system. Intel processors, which are inside over 90% of modern computers, are susceptible to Meltdown.
Spectre leaves data or files stored in the memory of running programs susceptible to hackers. Examples of data easily accessed by Spectre include passwords and login keys. Spectre affects Intel, AMD, and ARM processors. Spectre is harder to protect against, but also more difficult for hackers to utilize.
These security breaches are connected to a technique that modern processors utilize called speculative execution. Basically, processors will “speculate” the programs they are expected to run, allowing for faster execution. Unfortunately, it is this technique that leaves normally isolated data susceptible to hackers.
Who is Affected by Spectre and Meltdown?
Every Intel processor built since 1995 is susceptible to attacks from Spectre and Meltdown related vulnerabilities. This means that the potential impact of these vulnerabilities is astounding. The majority of desktops, laptops, and smartphones in use today are potentially at risk. Cloud-computing and multiuser servers are also at risk. The bottom line is this: Spectre and Meltdown are not an obscure security risk that does not require attention, these are serious widespread issues that every business needs to protect itself against.
Fixes and Patches
There are already a number of patches from companies like Apple and Microsoft available to fix Meltdown and mitigate the dangers of Spectre. Unfortunately, the risks associated with Meltdown and Spectre are incredibly complicated, and many in the IT security industry feel it could take years before all of the possible security breaches are properly dealt with.
Companies such as Amazon and Microsoft will continue to roll out patches and updates throughout 2018, but unfortunately, extensive downtime is also to be expected while these patches are developed.
Linux and Windows platforms may have suffered the most damage, in order to protect these programs from Meltdown substantial rewriting is necessary. Performance has been reported to slow down up to 30% after patches have been implemented on these platforms.
Securing Your Data Moving Forward
Implementing the available patches is the first order of business for protecting your companies’ data and information. Aside from this, the only way to truly be sure you are not at risk from Meltdown and Spectre is to work with an IT security firm like JDL Group that can properly test and analyze your systems. JDL Group will also routinely monitor and implement the newest security patches and ensure your information is safe and secure. Contact JDL Group today to schedule a free Security Health Check.
Additional Resources
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/meltdown-and-spectre-intel-processor-vulnerabilities-what-you-need-to-know
https://arcticwolf.com/uncategorized/assessing-the-damage-from-the-meltdown-and-spectre-cpu-exploits/
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/
