This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 13 °C Friday 16 November, 2018
Advertisement

Spectre and Meltdown: What you need to do to keep your computer safe

Patches have been issued to help protect against the flaws.

Image: Shutterstock/Duncan Andison

PEOPLE HAVE BEEN warned to install updates on their computers and mobile devices in a bid to protect against vulnerabilities that could allow hackers to access sensitive data.

The Spectre and Meltdown vulnerabilities affect computer chips from Intel, AMD and ARM.

Personal computers, mobile phones, servers and operating systems such as Microsoft Windows, Linux and Apple macOS could be impacted. Software companies have issued patches to fix the vulnerability.

Brian Honan of BH Consulting said failing to install these patches will leave people at risk of hackers stealing sensitive information such as passwords from the memory of their computer.

Speaking to TheJournal.ie, Honan said people could also be lured to third-party websites that could exploit the bug on their PC.

Honan said websites are also at risk, particularly if they gather sensitive data, and should “deploy the patches as quickly as possible”.

In a statement, Intel said: “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.”

Performance 

“There’s the potential that applying the patches could impact the performance of the machines,” Honan said, noting that older machines or those already under a lot of pressure may be particularly affected.

He described the situation as a “Catch 22″ as people won’t know if their device’s performance has been affected until they install the patch.

However, Honan said the pros of installing the patches outweigh the cons, stating: “This issue is so widespread it’s only a matter of time before it’s used in attacks.”

Some researchers have said any fix could slow down computer systems by 30% or more. Responding to this, Intel said: “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Serious flaws 

Last year, Google’s Project Zero team discovered serious security flaws caused by a technique used by most modern processors to optimise performance.

Researcher Jann Horn demonstrated that malicious actors could take advantage of the technique, known as speculative execution, to read system memory that should have been inaccessible.

In a statement, Google said: “For example, an unauthorised party may read sensitive information in the system’s memory, such as passwords, encryption keys or sensitive information open in applications.

“Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.”

Read: People being warned to check systems as Intel reveals ‘serious flaws’ in its computer chips

Read: ‘A digital revolution’: Forty schools to offer Computer Science as Leaving Cert subject in September

  • Share on Facebook
  • Email this article
  •  

About the author:

Órla Ryan

Read next:

COMMENTS (41)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel