Meltdown & Spectre: Everything you need to know about the new vulnerabilities

15 January 2018, by

When you push the start button on your computer, rarely you would think about how it “works”. Processors are vital to running all our computerized devices. That’s why it’s a big deal that they have major vulnerabilities, such as Spectre and Meltdown, that leave them open to hacking attacks. As they run all the essential processes on your computer, chips handle extremely sensitive data. That includes passwords, encryption keys and the fundamental tools for keeping your computer secure.

The Spectre and Meltdown vulnerabilities revealed on the 3rd of January could let attackers capture pieces of information, they shouldn’t be able to access. As a result, an attack on a computer chip can turn into a serious security concern.

The vulnerabilities have been reported with these codes CVE-2017-5753, CVE-2017-5751 and CVE-2017-5754.

But what exactly happened? Who will be affected and how we can protect ourselves? Keep reading and you will find everything you need to know!

What happened and what are these new vulnerabilities?

Researchers found that a design technique used in processors chips could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and it’s not really one vendor’s problem or an issue with a product. It’s a general design issue that impacts most modern chips of the global market.

Why is this happening?

To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. This process is called speculative execution. As the chip guesses, that sensitive information is easier to access.

What are Spectre and Meltdown?

The Spectre enables an attacker to trick the processor and start the speculative execution process. Then he can have access to the available sensitive data of the processor as it tries to guess what function the user will perform. The Meltdown, allows attackers to access security information through the operating system of a computer, such as Microsoft Windows or macOS of Apple.

Who will be affected?

The research showed that it is susceptible to one or more variants of attacks, the processors of Intel, ARM and AMD. The issue is got big, fast because those chips, used in devices made by Apple, Google, Microsoft, Amazon and others, all share a similar structure. Also, the flaws don’t just affect computers and cellphones, but also servers. So Amazon Web Services and Google Cloud are susceptible to the problem, too. Both said they have secured all their affected products.

How long is this vulnerability?

Researchers who work on the subject discovered the two vulnerabilities in 2017 but the issue has existed on processors for more than 20 years. That’s because the issue doesn’t result from an “unclean” code. Instead, the problem comes down to the way the chips are designed. Processors are supposed to make the secret information easier to access as they gear up to run the next process on a computer. But this is a feature, not a bug.

Have been attacks reported, related to Meltdown & Spectre?

Until now, researchers and computer companies involved, all say there are no known examples hackers using these weaknesses to attack a computer. However, now that the details of the design flaws and how to exploit them are publicly available, the chances of hackers using them are much higher. The good news is that hackers would first need to install malicious software on your computer in order to take advantage of these flaws. That makes a possible attack, more complicated.

What should I do?

We have completed the procedures required to upgrade & update the operating system on our servers infrastructure where Papaki’s Hosting plans are. By these actions, we are trying to greatly limit the likelihood of an attack. So, if you have a Hosting package on Papaki, Shared, Cloud, Managed WP Hosting or Managed WooCommerce Hosting, you do not need to take any further action. We have already installed the necessary security updates for your website. However, it is also essential to remember two keywords since computers and mobiles are affected too by these flaws. Stay updated! Right now there are a lot of things you can do to protect yourself. The companies have released patches that you can easily install. Make sure, the software and the operating system of your browser are updated! Do not click once again the button “Remind me later”. It is possible to avoid attacks through software updates. Last but not least! Check out for phishing emails. Emails that trick you into clicking on a link and downloading malicious software. This is still the number one way for hackers to get a foothold on your computer.

So keep your eyes open up for new updates and bizarre emails calling for “action” -Read, think, and then click. Don’t be a fish and catch the bait! ;) Stay safe!

Join the Discussion

Leave your comment