PEOPLE HAVE BEEN warned to install updates on their computers and mobile devices in a bid to protect against vulnerabilities that could allow hackers to access sensitive data.
The Spectre and Meltdown vulnerabilities affect computer chips from Intel, AMD and ARM.
Personal computers, mobile phones, servers and operating systems such as Microsoft Windows, Linux and Apple macOS could be impacted. Software companies have issued patches to fix the vulnerability.
Brian Honan of BH Consulting said failing to install these patches will leave people at risk of hackers stealing sensitive information such as passwords from the memory of their computer.
Speaking to TheJournal.ie, Honan said people could also be lured to third-party websites that could exploit the bug on their PC.
Honan said websites are also at risk, particularly if they gather sensitive data, and should “deploy the patches as quickly as possible”.
In a statement, Intel said: “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.”
Performance
“There’s the potential that applying the patches could impact the performance of the machines,” Honan said, noting that older machines or those already under a lot of pressure may be particularly affected.
He described the situation as a “Catch 22″ as people won’t know if their device’s performance has been affected until they install the patch.
However, Honan said the pros of installing the patches outweigh the cons, stating: “This issue is so widespread it’s only a matter of time before it’s used in attacks.”
Some researchers have said any fix could slow down computer systems by 30% or more. Responding to this, Intel said: “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Serious flaws
Last year, Google’s Project Zero team discovered serious security flaws caused by a technique used by most modern processors to optimise performance.
Researcher Jann Horn demonstrated that malicious actors could take advantage of the technique, known as speculative execution, to read system memory that should have been inaccessible.
In a statement, Google said: “For example, an unauthorised party may read sensitive information in the system’s memory, such as passwords, encryption keys or sensitive information open in applications.
“Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.”
To embed this post, copy the code below on your site
have your say