On Wednesday, a group of security experts revealed two security flaws that affect nearly all microprocessors, the digital brains of the world’s computers. These flaws, called Meltdown and Spectre, could allow hackers to lift passwords, photos, documents and other data from smartphones, PCs and the cloud computing services that many businesses rely on.
Some of the world’s largest tech companies have been working on fixes for these problems. But the researchers who discovered the flaws said one of them, Spectre, is not completely fixable. “It is a fundamental flaw in the way processors have been built over the last decades,” said Paul Kocher, one of the researchers who discovered these flaws.
Here is a guide to what you need to know and what you should do.
Both are issues with the way computer chips are designed.
Meltdown affects most processors made by Intel, the company that supplies the chips for a majority of PCs and more than 90 percent of computer servers.
Spectre is far more difficult for hackers to exploit. But it is even more pervasive, affecting Intel chips, microprocessors from the longtime Intel rival AMD and the many chips that use designs from the British company ARM. Your smartphone most likely contains an ARM chip.
Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information. If hackers manage to get software running on one of these chips, they can grab data from other software running on the same machine.
This is a particular issue on cloud computing services.
Operated by companies like Amazon, Microsoft and Google, these are services where any business or individual can rent access to computing power over the internet. On a cloud service, each server is typically shared by many different customers. By exploiting the Meltdown flaw, a hacker can just load some software onto a cloud service and then grab data from anyone else who has loaded software onto the same server.
Phones and PCs are more difficult targets. Before they can exploit the chip flaws, hackers must find a way of getting their software onto your device. They could fool you into downloading an app from a smartphone app store. Or they could trick you into visiting a website that moves code onto your machine.
They are trying. Meltdown can be fixed by installing a software “patch” on the machine. Microsoft has released a patch for…
Latest posts by Peter Bordes (see all)
- Teardown: What’s Inside a Christmas Laser Projector? - January 22, 2018
- Seek and Exploit Security Vulnerabilities in an Infusion Pump - January 22, 2018
- Quantum Computing Hardware Teardown - January 22, 2018
More from Around the Web