Hello French Fries,
In the first throes of 2018, it came to light that billions of computer chips that have been on the market are susceptible to two security flaws, one called Meltdown and another called Spectre. Chips made by AMD and Intel, which are used widely in smartphones, computers, and cloud-service servers, are at risk of being affected by these security vulnerabilities. You may be wondering, what are these flaws, and how can you protect yourself from them?
One of the flaws is called Meltdown. Meltdown is a bug in the processor’s speculative execution which can grant access to unrelated memory locations outside of the current process. As the name implies, speculative execution is an optimization technique where the system will predict what processes you may need to access, start them before you would need access, and run them weather they are needed or not. This prevents delays to the user, but has enabled hackers to turn on and potentially exploit the Meltdown flaw in order to access other processes within your system.
The other flaw is called Spectre. Spectre is a vulnerability that can be exploited through the chip’s branch predictor circuit. When an execution is activated, it creates a chain of follow up commands that will open a cascading series of processes. This chain of activity is called a branch. The branch predictor is a series of logical if-then-else arguments that determine what series of processes to open based on a speculative execution. It’s purpose is to improve instruction flow which is critical to high-end performance. Spectre exploits this by accessing side-branches that were mispredicted. A clever hacker could use a timing attack where they measure the exact amount of time it took each process in the side-branch to complete it’s query, and work backwards to the main tree’s input and thus gain access to your memory and system.
While both the Spectre and Meltdown bugs are scary channels of attack potential hackers could exploit, there has not yet been many cases of hackers actually exploiting these bugs. However, that could always change, and it’s always better to proactively be safe rather than wish you had been proactively safe somepoint down the road. With this in mind, most of the affected companies have released or will release security patches and updates that you will need to download in order to protect your machine.
Download your security updates! Microsoft, Apple and others have pushed updates to address these flaws to systems running their OS. Be warned, on older devices using Windows 7 or Windows 8, as well as older Mac machines, these security updates simply shut off speculative executions, which can significantly slow your machine’s performance. Microsoft suggests upgrading your OS to Windows 10, but take that with a kernel of salt.
If you have a Mac machine, go to the app store and check for updates.
If you have Windows PC, hit start, type in ‘Windows Updates’ and select the option for ‘Check for updates’.
If you run on Ubuntu, you probably are computer literate enough not to need me to tell you what to do. The fact that a very small percentage of the computer-using public uses Ubuntu means that hackers will not think it worth their while to attempt an Ubuntu hack, but just in case use this resource.
If you have a Chromebook running on Google’s OS click on your account photo and go to settings. Select menu and go to ‘About Chrome OS’. Select check for updates. Google says that it will not patch older devices and that you should upgrade to a new device. Again take that with a grain of salt.
If you have an iPhone, go to settings, general, and software update.
On Android, go to settings, about device, update, check for update, and install.
AppleTV should automatically push updates, but just in case, go to settings, system, and software updates and ensure that you run any updates you see there.
Apple Watch does not have any security updates as of yet, but is considered immune to Meltdown and will soon be pushing a security update in the first quarter of 2018. Ensure it’s synced to your phone. On your phone, open the apple watch app and go to My Watch. Select General, then click Software Update.
Regardless of any known and newsworthy security bugs, you should always install software and security updates whenever you see them because they are actively and continuously designed to protect your machine. There’s an unofficial term in the IT and cyber-security world called Patch Tuesday. Since 2002, Microsoft has made regularly scheduled pushes of security updates and patches to machines running their OS on every second and occasionally fourth Tuesday of each month. Many other companies have followed suit and use that schedule for matters of convenience. So, if you make sure to check for updates every second and fourth Tuesday of the month, and make sure you have anti-virus and anti-malware installed and regularly updating as well, you will be as best protected as you can expect to be from security vulnerabilities such as Spectre and Meltdown.
Until next time…
…the ketchup is in the sauce.