‘Spectre’ of a Full-Scale ‘Meltdown’ Rears its Head

‘Spectre’ of a full-scale ‘Meltdown’ rears its head

There’s a lot of talk right now about a major design flaw in a huge proportion of the microprocessors used by the world’s computers. In essence, two methods of accessing sensitive information on your devices have been revealed – and they are serious.

They have been named ‘Meltdown’ and ‘Spectre’ and between them they affect nearly every computing device made in the last 20 years……. They can affect your desktop machine, your laptop, your tablet, your mobile, cloud computing platforms, backup hard drives, etc, etc, etc. In fact, anything that uses many forms of modern processing chip, particularly most of those made by Intel since 1995! Some other manufacturers, including AMD and the British firm, Arm, are affected too, although Intel has the biggest problem.

That matters to most of us because Intel chips, as you’re probably aware from all of the big-budget advertising, are everywhere.

The risk is in the architecture of the chips, which can allow an attacker to get access to parts of memory that should have been protected, but turn out not to be. The scariest part is that in many cases they can do this simply by running some code in a web browser on a page you’ve visited. The memory they can get access to is where the machine would store critical information such as passwords and other login credentials and the keystrokes you’ve made.

You don’t need to be a computing expert to know that this is a very, very bad thing. That’s why this potentially dry and techie story matters to everyone.

UPDATE 5/1/18: Apple has this morning confirmed that all of its MacBooks, iMacs, iPhones and iPads are also affected. Apple Watches are not. Meltdown will take time to deal with and there are concerns that fixing it is going to slow down all of our computers (another big deal). Spectre is a more sinister issue; it’s harder to exploit, but also harder to fix. In fact it might need a fundamental redesign of the processors and hardware replacement to completely deal with, so it could be a problem for years to come!

What Should You Do to Avoid a Meltdown?

Actually, there is no complete answer yet – and may not be for some time!

At the moment, there are only limited things you can do to protect yourself.

Producers of the leading browsers (Chrome, Firefox, Internet Explorer, Edge) are rushing out patches to add a level of defence and you should ensure you keep yours up-to-date. Don’t forget to check not only your favourite that you use everyday, but all those installed on your system. There will be system updates to address the worst of the immediate problem with Meltdown on Intel chips, but that picture is far from clear yet.

Microsoft has rushed out an emergency patch for some Windows systems, but if you’re running a third-party anti-virus solution (and most organisations and individuals are), then you might not see that yet because it doesn’t work well with all of them at this point. It’s pretty likely that many systems will need firmware updates as well as an update to the Windows software. That’s very much a system level update to the hardware on the device or machine itself and can be quite disruptive if you have lots of technology to take care of.

If your systems are maintained and updated by Bespoke Computing, we’re monitoring developments and will take care of any updates as and when they arrive – or at least once we’re sure they’re safe to apply to your hardware.

The best reassurance we have right now is that these exploits are not thought to have been used “in the wild” by attackers, but now they know about them, you can bet there are plenty of people exploring the possibilities and proof of concept attacks have been demonstrated by researchers. In short, there’s not a lot you can do immediately except keep on top of system updates and browser updates.

If you’re concerned about getting your software and hardware suitably updated when the fixes do emerge but are not sure how, please do give us a call to talk through how we could help you.