Photo credit: meltdownattack.com
You’ve probably seen the terms Meltdown and Spectre this week. Unfortunately, this has nothing to do with James Bond, though the news might get your heart racing. Information was recently leaked that nearly every computer, smartphone, tablet, laptop and cloud system in the world is subject to critical vulnerabilities in modern processors. Some pretty mind-blowing stuff.
Meeting and event planners may heavily rely on technology for their day-to-day functions. Yet, cybersecurity is generally outside their expertise. That’s why we’re providing the run-down.
Not Your Average Cyber-scare
Ultimately, a malicious program could make use of both hardware bugs to override program boundaries and obtain stored information—i.e. credit card information, emails, client information, photos and more.
A lot still isn’t known. Should hackers monopolize the situation, it might not be as straightforward as exploits in the past. Oren Falkowitz, co-founder and CEO of Area 1 Security, told Smart Meetings, “It’s really hard to predict who attackers will go after. Spectre and Meldown represent a new technique and capability but they do not help indicate who would be a victim.”
The individual victims might not be predictable, but businesses running their entire infrastructure on AWS or Google Cloud will need to be extra cautious. For instance, depending on the cloud provider’s infrastructure, hackers could potentially steal data from customers and clients.
Meltdown vs. Spectre
Even though they have a similar exploitive nature, Meltdown and Spectre are different beasts.
Meltdown takes advantage of a privilege escalation flaw, enabling a program to read the protected kernel memory access from user space. Meaning, all data in a computer is accessible to any user who can execute code on the system. This applies to Apple products and all Intel chips since the mid-90s.
Spectre fools applications into performing commands they shouldn’t be able to. With this, hackers can access information stored on your device’s memory. This flaw is now in nearly every chip made by Intel, AMD and ARM.
The Current Situation
Wondering why we’re just hearing about this? Apparently tech companies have known about the threats for months. While keeping things under wraps, they’ve been racing to find a solution. Meanwhile, billions of PCs, smartphones and tablets around the world have been affected.
Apple confirmed its products’ vulnerabilities. Google and Microsoft released statements that inform users of the affected products. Google has also claimed that its Android phones are A-OK if users had the latest security updates. Window users have been advised to update third-party anti-virus software before implementing any operating system patches.
Now take a deep breath. While the flaws are certainly out there, there’s been no sign that hackers can take advantage of them at this time.
Patch it up!
According to meltdownattack.com, you are already definitely affected by the bug, although you probably cannot detect the exploit. That doesn’t mean all hope is lost. A “patch” looks like the best protective route. Currently, there are patches against Meltdown for Linux, Windows and OS X. Downloading a patch helps mitigate vulnerability.
Another proactive measure is to update all of your programs, including your operating system, CPU firmware (if available) and web browser. Do it ASAP. Another piece of advice Intel emphasizes is to make sure you’re running security software.
You can also check out this online list of updated anti-virus products, which is continuously being updated by cybersecurity expert Kevin Beaumont.