Meltdown Cyber Threat Is Radioactive For Intel And Your PCs, Macs And Smartphones

by Richard Cameron


 

By now, most of our readers have likely heard

about the Apple iPhone debacle late December, in which the company pushed power consumption updates to various of their recent and older cell phones, slowing the phone data transmission rate in order to extend the life of their non user replaceable batteries. That continues to rankle millions of iPhone users worldwide and constitute a corresponding PR disaster for the company.

Just on the heels of that is a tech fail that affects a predominant variety of computing devices from individual and business owned cell phones, laptops and desktops all the way up to cloud storage.

What we’re talking about here are a couple of “kernel bugs” that were discovered by cooperative research between the Graz University of Technology in Austria and Google’s Project Zero security team.

Who’s responsible for this?

Google was the bearer of the bad news to the tech manufacturer most affected by the global risk – Intel.  But, this was over two months ago and according to Business Insider, Intel’s CEO, Brian Krzanich, sold $24 million in company stock and options in late November. SEC and U.S. Attorney for New York – are you looking into this?

Photo of Intel's Capstone Project offices

The potential exploits have names, too. They have been dubbed Meltdown and Spectre.

No need to describe the connotations, but the effects are potentially dire. They can allow third parties to extract data from your phone or computer including passwords, emails, photos, documents and critical data.

The threat focuses on the CPU (Central Processing Unit) of the computing device, popularly known as the processor or chip.

This is the brain of your device and the target of the would be attacks aim at what experts call the  speculative execution functionality of the processors. Microsoft calls the vulnerability “speculative execution side-channel attacks”.

Is your device at risk?

The preponderance of desktop and notebook computers are subject to the risk because the design flaws of the CPU chips affect processors going back a full 20 years. Cyber security professionals see Meltdown and Spectre as something quite out of the ordinary, in the sense that the locus of most all susceptibilities are based on software, while in the case of these two potential hacks, it is the heart of the computing device hardware – the CPU.

photo of Intel’s Core i7-8700K “Coffee Lake” CPU
Intel’s Core i7-8700K “Coffee Lake” CPU

We’ll not get down in the weeds of Meltdown and Spectre other than to offer this brief summary from The Verge:

The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other valuable information.

At this point you’re wondering, how can I protect myself?  If you use cloud storage, Microsoft and Google are handling patches at their end and the same is the case with Amazon and their data centers.

Industry pro-active damage control

If you have a PC running versions of Windows that are still being supported by Microsoft (Windows 7, 8, 10) – Microsoft will push out a patch in your regularly scheduled security update. Microsoft initially noted some incompatibilities with certain anti-viruses you may be running. Most majors have fixed those issues, but here is a list, showing the status of your anti-virus.

But, as I have emphasized before, if you have a Windows OS older than Windows 7, (like XP Pro or Vista) get your critical data off that PC as soon as you can – like yesterday, or upgrade to Windows 10 or a Linux based OS, like Ubuntu that works nicely with older PCs.  Apple is rolling out security updates for iOS, the Safari browser and the phones. The same is true with Android based devices and smartphones.

Intel said Thursday, that the patches that it is issuing—via firmware and operating system patches—“render those systems immune from both exploits.”  The OS patches that will be issued, are believed to come with a price – a slowing down of your computer – particularly in the area of any tasks that involve retrieving data from the hard drive.

Intel, not unexpectedly, is trying to blunt the reaction to this by stating, as PC World notes, the performance loss will be dependent on workload, and “should not be significant” for average home computer users. Not very reassuring. Kind of like saying that the pain following a surgical procedure will be mild to severe, rather than excruciating – but if you rest, relax and curtail your activities it will be manageable.

There is a bit of good news for those of you who bought bargain priced computers a while back, like my Toshiba. They run AMD processors.  AMD – and you, dodged a bullet.  AMD released a statement indicating that because of the design and construction of their chips, they have “zero vulnerability” to Meltdown. They said specifically “Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.”

Because of that, AMD’s stock went up today and Intel’s went down.

You are the first line of defense in terms of guarding against intrusions, by not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, maintaining an up to date anti-virus program and accepting regular software updates.

Please follow and like us:

Related posts