CPU Security Flaw (Meltdown and Spectre) – What you need to know

Processors (CPUs) provide the brainpower for all the computerized devices we use day to day, from PCs and smartphones down to mundane things such as ATMs. Therefore an exploit – or exploits – that affects virtually all of these devices at the same time is a shocking thing to hear about.

Unfortunately, early 2018 saw just such a thing happen with the news that a design flaw in nearly all modern processors had been found.
 

What are Meltdown and Spectre?

Meltdown and Spectre are the names given to the two newly discovered vulnerabilities that affect virtually every device with a processor in it.

Both rely on retrieving small amounts of data that are temporarily made available outside of the processor. This happens because of a processor design feature called “speculative execution”.

This is the process where a CPU essentially guesses what information it will need next so that it can work faster.

Spectre allows attackers to force the processor itself to start the speculative execution process. They then access the extra data to obtain sensitive information that should never be available.

Meltdown fundamentally breaks down the mechanism that stops applications from accessing system memory. By doing so it enables exploits to access arbitrary system memory to retrieve sensitive data.
 

Who discovered them?

Both exploits were independently discovered by multiple teams of researchers.

Meltdown

  • Jann Horn (Google Project Zero)
  • Werner Haas, Thomas Prescher (Cyberus Technology)
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)

Spectre

  • Jann Horn (Google Project Zero)
  • Paul Kocher in collaboration with Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)

 

What systems are affected?

On a technical level, every Intel processor that implements out-of-order execution (speculative execution) is potentially affected. This includes almost all Intel processors dating back all the way to 1995!
A portion of AMD processors and ARM processors are also affected.

All desktop, laptop and cloud computing services may be affected by Meltdown.
 

Am I affected by Meltdown and Spectre?

Yes!

This may seem like a very blunt answer, but due to the wide-reaching nature of the design flaw, you almost certainly have a device that is affected.
 

Does my antivirus protect me?

Antivirus programs could theoretically detect the use of these exploits; in practice, however, it is very unlikely. It is possible that your antivirus could detect malware designed to exploit these vulnerabilities, but not the actual vulnerabilities themselves.
 

How do I protect myself?

The Meltdown exploit can be fixed with a software patch, as it relies on breaking the isolation between user apps and the operating system.

Computers fitted with a vulnerable processor and running unpatched operating systems will be open to exploit.

Fortunately, operating system vendors have released relevant patches to protect their users. As long as you regularly update your operating system using built-in update tools, you should be fully protected from the Meltdown vulnerability.

As usual, it is best to practice safe web browsing habits and to avoid installing anything on your device that could be malware making use of these vulnerabilities.

Spectre has proven to be much harder to protect against as it is executed at the hardware level.

Initial advice so far is to follow the basic steps (similar to Meltdown):

  • Update your operating system frequently
  • Install updates from your hardware manufacturer (firmware updates)
  • Turn on isolation mode in your web browser (Chrome and Firefox) – this prevents exploits in JavaScript from utilizing the Spectre vulnerability.
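On Linux you can confirm that the operating system patches described above are active, because the kernel reports a status line per flaw. The script below is an added example, not part of the original article; it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, and the function names and the `demo_sample` data are constructed for illustration.

```shell
#!/bin/sh
# Report Meltdown/Spectre mitigation status from the Linux kernel's sysfs files.
# Each file holds one line starting with "Not affected", "Mitigation:" or "Vulnerable".
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <line>: map a kernel status line to a short verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo AT_RISK ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_cpu_flaws [dir]: print one line per flaw.
# Returns 0 only if no flaw is AT_RISK or UNKNOWN.
check_cpu_flaws() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for flaw in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$flaw" ]; then
            IFS= read -r line < "$dir/$flaw" || true
            verdict=$(classify_status "$line")
        else
            # No file: the kernel predates this interface, or this is not Linux.
            line="(no status file)"
            verdict=UNKNOWN
        fi
        printf '%-11s %-8s %s\n' "$flaw" "$verdict" "$line"
        case "$verdict" in AT_RISK|UNKNOWN) rc=1 ;; esac
    done
    return $rc
}

# demo_sample: build a constructed sample directory (not output from a real machine)
# with one patched flaw, one unpatched flaw and one missing file.
demo_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# With no argument this reads the live system; pass a directory to check a copy.
check_cpu_flaws "$@" || echo "At least one flaw is unmitigated or its status is unknown."
```

An `AT_RISK` or `UNKNOWN` line means the operating system or firmware updates listed above are still needed on that machine.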

 

What next?

The main thing for most people to do is to not panic. If you have followed the basic security steps and best practices above then you will almost certainly be safe.

It is important to note that some of the security patches that have been released may deliver a performance hit to your device. This is a widespread complaint and many of the operating system vendors recognize this as an issue.

They have stated that the performance hit should not be noticeable to the average user; however, hits to performance are “highly variable and depend on a number of factors”.

If you feel like your device performance has been significantly affected, do some research on whichever update you just installed. Other people may have suggestions and/or the vendor themselves may recognize a compatibility issue with certain device setups.
 

Conclusion

The shock release of these two huge vulnerabilities should be a wakeup call to the entire world.

It is increasingly important in this day and age to be ever vigilant about what information you store on your devices.

More importantly, users and companies should focus on preventative practices, such as being aware of potential malware that could expose devices to cybercriminals.
For more advice on what users should look out for in 2018, check our article – Internet security threats to look out for in 2018
