At the very start of 2018, information surfaced about possible vulnerabilities found within computer chips of potentially millions of devices. These flaws were officially published, discovered by researchers, most notably Jann Horn of Google’s Project Zero, and intellectuals at Graz University of Technology.
These newly-found security issues hold potential to leak vital information such as personal data and user passwords. The issues arise from the advance of processors which have progressed to run operations parallel to one another. The ability of modern-day processors to run calculations for multiple programs at once is what helps create the security flaws, given the names Meltdown and Spectre.
Meltdown has been said to mainly affect machines running on Intel processors, given Intel’s grip on the processor market, and this isn’t good news. Meltdown exploits processors to access memory within an operating system it wouldn’t be able to find otherwise. It dissolves the walls built around the operating system and programs. Programs using meltdown have access to sensitive information normally blocked by the operating system. Patches or updates have been released for Meltdown from several of the tech giants, which includes the likes of Google, Microsoft, Apple, Intel, and Amazon.
Spectre, unlike Meltdown, has the potential to affect any device, regardless of hardware or software. Spectre, while possibly impacting more devices, is much harder to implement within a device, but more difficult to mitigate once it becomes infected. It breaks down the blocks of information between other programs, allowing a program that Spectre has penetrated to access outside information that would normally be barred from. There currently aren’t any quick-fixes like a software update, due to Spectre having more to do with hardware and its architecture.
Google stated that they made companies impacted aware of the security deficiency at the beginning of July in regard to Spectre, and as early as late June for Meltdown. Companies are tirelessly working to fix the vulnerabilities. Google, Amazon, and Intel have released statements about Spectre, trying to provide some sort of relief.
Any informed and concerned technology-using consumer needs to know how to better protect against security hacks like Spectre and Meltdown, and certain practices can help keep personal data better protected.
When creating passwords have a decently long password (usually recommended to be a phrase rather than a word), not repeating passwords and keeping activity under surveillance aids anyone with improved security. One would be advised to install any update available to them and to try to stay up to date with new information as it comes available. Being aware of where your information is going, as well as providing strong, unique passwords gives all the strength to avoid dangerous vulnerabilities like Spectre and Meltdown.