The Race Is On, And The Clock’s Ticking

Massive security vulnerabilities in modern CPUs are forcing a redesign of the kernel software at the heart of all major operating system. Is this flaw possible to solve? Are we getting the best solutions to defeat of Meltdown and Spectre?

The New Year traditionally starts off with resolutions for self-improvement, plans for the attainment of long-cherished goals…you know, the usual.  Nothing fancy, just your average drunken festivities.  But 2018 has quite a treat in store for us, friends…if market-wide CPU hacks and panicked attempts at software plugs sound fun to you, then this is shaping up to be your year.

January 4th saw the introduction of two new malicious programs: Meltdown and Spectre.  Meltdown is an exploit that grants hackers access to your programs’ memory and operating systems.  Spectre can bypass best practices and trick sites into leaking secret or sensitive info.  In fact, digital protection measures may increase the risks associated with Spectre, rather than diminishing them.

So, how are the fixes going so far? Processor manufacturers like Intel, AMD, Qualcomm, and ARM are working with the hardware companies that incorporate their chips, as well as the software companies that actually run code on them to add protections. Intel can’t patch the problem on its own because third-party companies implement its processors differently across the tech industry. As a result, groups like Microsoft, Apple, Google, Amazon, and the Linux Project have all been interacting and collaborating with researchers and the processor makers to push out fixes.

It was initially thought that a total hardware overhaul would be the only means of dealing with Spectre and Meltdown.  These vulnerabilities impact how mainstream processors manage their data, so replacing them with corrective chips still may be the best option for high-security environments.

But this is much easier said than done…especially for small to mid-sized businesses who may not switch out their hardware frequently.  So if active replacement isn’t an option for you, based on finances or other factors, your best bet is to apply system updates and patches as they become available.  Just make certain that you’re proactive about it.

Some patches to defeat Meltdown are already out for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux.  But Spectre is a far more difficult nut to crack…some are even speculating that long-term defense may be impossible without overhauling your hardware.  The hack affects processors from Intel, ARM, AMD, and Qualcomm. Browsers as diverse as Chrome, Firefox, and Edge/Internet Explorer have been impacted, though they have preliminary Spectre patches, as do some operating systems.  Apple’s Spectre patches are still in the works and should be available shortly.

Though many manufacturers and software makers have taken steps to address the issue, countless smaller vendors and developers will inevitably become stragglers.  Some may never directly address the issues in their products.  And because of the hectic rush to put out patches, there’s been a strong absence of detailed testing and refinement.  Rushed fixes may not offer total protection, or could create other bugs and instabilities, such as decreasing your processor’s performance.

Again, though, it’s the smaller-end SMB’s with twenty to thirty computers who will really suffer as a result of Spectre and Meltdown…companies large enough to be lucrative targets, but not large enough to quickly and efficiently combat the problems facing them.

Keeping your computer and digital assets safe should be top of mind at all times.  Lionfront can help.

 

Get some help now from our experts through a free Cyber Security audit of your business.

 

Leave a Reply

Looking for a cyber security audit of your business? Get in contact to get a free cyber security audit from our experts.