Meltdown and Spectre are the latest vulnerabilities that affect the computers and mobile phones you use. Find out what they are and how best to protect yourself from potential attacks to steal your emails, passwords and other important information.
The computer world is no stranger to a recent spate of cyberattacks that have occurred over the past year. Apple’s Mac OS suffered an embarrassing setback when a flaw was found in its operating system, which allowed users to bypass its login security.
If you’ve been keeping up with the news or on social media, terms such as “Meltdown” and “Spectre” may have popped up often on your newsfeed.
Both vulnerabilities, which affect the computers and mobile phones that we use, were discovered last year, but only recently disclosed to the public. Companies such as Microsoft, Apple and Google have been quick to issue updates to their software to fix the problems caused by the two.
How can Meltdown and Spectre affect you?
First, how do these vulnerabilities affect you? On any computer or mobile phone that you are using right now.
Imagine using your web browser (e.g. Google Chrome) to log onto e-commerce sites, Facebook, a web forum, or your company’s internal websites. As you’re logging in, important information such as passwords and emails are sent to the web servers. You assume that there is a secure channel between your browser and the website.
However, remember when you were typing in your email addresses and passwords? Those keyboard strokes that you type will have to go through to the CPU first before they are considered secured. That information that you entered, especially the passwords, are stored in the CPU’s memory too. With that in mind, you wouldn’t want anyone to snoop around, especially when those logins are related to company secrets.
Modern operating systems (Microsoft Windows, Apple Mac OS/iOS, Google Android) and their CPUs (Intel, AMD, ARM) are smart enough to isolate such data in memory from the rest of the apps in the system. This means that the Microsoft Word that you are using will never have access to the sensitive data that you just entered in the Google Chrome web browser.
With Meltdown and Spectre vulnerabilities, programs can be engineered to peer into the memory of your CPUs, thus breaking down the walls that isolate the apps in your system.
How does the vulnerability work?
The vulnerabilities found are so crucial to a CPU’s (basically your computer’s brain) basic design that they affect almost every computer chip manufactured in the last 20 years, and most probably the CPUs that will be launched soon. Being entrenched in how CPUs work, a redesign may be in the works on how modern processors are developed for better performance.
Contributing to the problem is a feature found in CPUs known as speculative execution, which allows a CPU to perform tasks on a computer before it is needed. A feature made over 20 years ago, this has been a mainstay of most CPUs found in computers and mobile phones.
In a very simplified form, think of speculative execution as someone trying to predict what you’re going to say next as you’re completing your sentences aloud. And let’s assume that the next word that was being predicted was a password to your Facebook account.
In the case of the vulnerabilities mentioned, someone just overheard it and they’re off stealing your password.
Got it, so what can I do?
If you have an antivirus software installed, it may detect malware that could exploit the vulnerability. Otherwise, don’t rely on it for a fix.
The best protection against them now is to update your OSs to the latest versions, so do install the latest updates as they appear. For users of Microsoft Windows, it’s best to keep your settings to auto-update the OS with the latest patches.
For more information on the vulnerabilities, take a good read at Google’s very technical description.
What do you think about the Meltdown and Spectre vulnerabilities? Let us know in the comments!
Protect yourself from scammers and hackers with these data security tips: