Everyone with a desktop computer, laptop, mobile device, or smartphone struggles against malware and hacker attacks at some point, but the current news spreading on major networks and the internet warns of a darker, more insidious threat. Across platforms equiped with all types of CPUs and major operating systems, the Meltdown and Spectre vulnerabilities lurk. No simple scans will tell you if someone has taken advantage of either one on your machine. No simple, 100% ironclad fixes exist to stop these hardware-based weaknesses, except perhaps in Linux 🙂
Image From: https://xkcd.com
Before you stop using the Cloud or throw away your tablet in fear, you should understand what Meltdown and Spectre are and the steps being taken to counter the issue.
CPU Vulnerabilities Explained
Any processor built since 1995 has an intrinsic weak spot that allows Meltdown and Spectre to infiltrate the deepest, most protected core of computer memory and function, the kernel. They stem directly from the new processors' method of attempting to predict instructions before the user asks. The two vulnerabilities exploit this process and allow hackers or associated programs to sneak in and grab private data. This stolen information may include personal details, banking or credit card information, business documents, and passwords.
Although the danger from both Meltdown and Spectre stem from similar issues, they do differ in some basic ways.
Meltdown
- Steals data directly from kernel memory
- Affects Intel and some ARM processors, but not AMD ones.
- Dissolves separation between accessible programs and the computer's OS
Spectre
- Steals data from active processes
- Affects Intel, ARM, and AMD processors.
- Allows for remote access and execution
- More difficult to exploit and fix
Both are potentially quite serious, but the average home or mobile computer or device user should not worry too much. Companies are scrambling to share updates, patches, and recommendations for best protection practices.
How to Protect Yourself From Exploits
Do not delay when it comes to updating your computers or devices. Grab every one released and make sure it installs correctly. Also, keep your anti-virus and anti-malware software up to date. While Meltdown and Spectre are not directly challenged by these programs, the programs bad people use to gain access may be. A respected antivirus company, AV-Test, has already found over 100 probing pieces of code designed to take advantage of these vulnerabilities. Now, it is the tech companies' responsibility and challenge to stay ahead of those who want to use Meltdown and Spectre for their own nefarious purposes.
