A Week Later, Early Predictions about Meltdown and Spectre Largely Hold True
The two attacks affect nearly 90 percent of the world’s computers.
Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer.
Meltdown could provide hackers the ability to become squatters on cloud-based services, but more importantly provide them access to other consumers’ information, including passwords. In cloud-based services where consumers generally share servers, there are protocols in place to protect each customer’s information from being accessible to the others. Meltdown provides a way for hackers to circumvent those protocols, read sensitive data or gain access to other applications running on a shared server.
As for personal computers, including cell phones, researchers say these are at risk too. A hacker however, would first have to lure a consumer into downloading software or an app, or clicking an infected link, before being able to access personal servers.
Researchers discovered Meltdown and Spectre back in 2016. Researchers have indicated that Meltdown affects almost every computer chip made by Intel, and thus more than 90 percent of the Internet and private business operations.
So how do we fix these issues? A number of large technology companies have or are already working on installing updates and securing patches to fix the Meltdown problem. Unfortunately, these remedies may slow computers down. Early predictions argued the fixes could slow IT infrastructure up to 30% but more recent reports indicate this number is high.
The patch for Meltdown prevents attackers from being able to exploit the vulnerability; it stops their attacks even if it slows down performance. Spectre, on the other hand, does not have a solid fix; its patch just makes the attackers’ jobs harder. Because Spectre is said to be a weakness in the way processors are designed we may not see a viable fix until a completely new generation of chips are implemented.
Somewhat interestingly, US-CERT (the Computer Emergency Response Team Coordination Center) issued a statement on Wednesday of last week, suggesting that the only way to protect against Spectre is to replace affected processors. The following day, CERT deleted its statement, instead providing consumers with a list of vendors that have updated their software to help guard against Meltdown and Spectre.