Cybersecurity Risks from Old Chips

Chances are, you are reading this on a device hiding a major cybersecurity flaw which could spill all your secrets.

A chip flaw dating as far back as 1995 has left billions of computers, smartphones, cloud storage, laptops and tablets cybersecurity vulnerable to exposure has been revealed.

The defects

According to correspondence sent by tech companies to legislators, Intel Corp did not inform cybersecurity officials in the U.S. of the Meltdown and Spectre chip security flaws until it was leaked to the public, a full six months after Alphabet Inc. (Google’s parent company) notified the chip manufacturer of the concerns. The bugs, known as Meltdown and Spectre may leak passwords, personal photos, emails, instant messages or even confidential business documents, a group of independent cybersecurity experts have warned.

If your operating system has not been patched it may not safe to work with sensitive information without running the risk of leaking the information – this applies to working on your PC or storing documents in cloud infrastructure (saving it in online, for example).

What are Meltdown and Spectre?

Meltdown is a security defect that may allow hackers to pass-by a hardware wall between applications which connects users and a computer’s core memory, which is usually heavily protected.

Spectre is a little different. It allows hackers to potentially convince normally error-free applications into giving up hidden information.

Is the Cyber Security issue critical?

The short answer is, yes. According to Daniel Gruss, one of the researchers who discovered the flaw, Meltdown is “probably one of the worst CPU bugs ever found. It is very serious in the short term and needs immediate attention”.

The difficulty with Meltdown is that anything that runs as an app, could be used to steal data, including unassuming things such as javascript from a web page viewed in a browser.

Spectre, in contrast, is more difficult for hackers to utilise to their advantage but it is also harder to repair and is predicted to be a bigger and longer-term problem.

What’s affected?

Almost every device capable of computing can be affected by Spectre, including desk and laptops, phablets, tablets, smartphones and even the cloud (some lower spec devices, such as the certain Internet of Things devices, are not affected).

What can be taken?

A processor’s core system, or kernel, stores all of your sensitive information in its memory. This potentially means all banking histories, credit card details, any financial data, all forms of communications, logins, and passwords could be at risk due to Meltdown.

What can I do?

Update your computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which were rolled out in December, are pre-protected.

Android devices using the latest security update, including Google’s Nexus and Pixel smartphones, are pre-protected. More updates are believed to be rolling out soon.

Apple’s advice is to update and only download trusted apps from the Apple store.

If you’d like to know more about whether you are affected, contact a member of our team today.