With the increasing dependency of people on gadgets, so are the threats to our privacy and confidentiality. Recently, the security researchers at Google project zero along with some academy and industry researchers have detected and reported a ‘serious flaw’ which can put the confidential information at serious risk. What are these flaws prominent in? Do these affect our PCs? how do they exploit our gadgets? Whether or not can they be detected? How do we mitigate the harm? This article deals with all these questions in everybody’s minds for keeping us informed of such threats to our gadgets.
There are not one but two bugs producing the threat to our device’s security and the information in them. They are namely Meltdown and Spectre.
Meltdown affects the hardware by breaking the isolation that exists between the user application and operating system. The bug melts the security between an operating system and user application. According to Google, “Almost every Intel processor since 1995 has been affected by meltdown”. Referred as CVE-2017-5754.
Spectre breaks the meltdown between user applications. It is also being taken as the hardware vulnerability referred by CVE-2017-5753 and CVE-2017-5715.
Meltdown can be found in the device with the chip from Intel whereas Spectre can be found in the device having the chip from Intel, AMD, and ARM. Despite that, both of these make it easy for the cyber-criminals to have access to the passwords and the device memory. However, AMD claims that its chips are not vulnerable.
The probability that these flaws are already present in our devices is high. No operating system right from IOS, windows, LINUX etc. is free from these flaws. But, it’s almost impossible for us to detect whether or not our devices are affected by Meltdown and Spectre as the devices run as they have been running and we can find out no fault.
Not even the anti-viruses can detect the threat as they are quite difficult to detect compared to normal malware. But the antiviruses can detect the malware using such attacks by comparing the binaries.
How to fix the harm for different OS?
Google has come up with some patches. Google has issued a security fix for these
Whereas Microsoft has come up with the patch for windows 10 to be downloaded automatically and for the older operating systems, the patch will soon be available.
Even though Apple has made no public comment as such but one of the researchers suggests macOS 10.13.2 for the Apple devices.
LINUX system has a patch as well but they reportedly slow down the devices. They have issued Kernel patches for dealing with this issue.
Amazon web service has also been patched for Google cloud platform, Amazon web services, and Microsoft Azure. The chrome books have received security from OS63.
If the patches are not available for the devices, we are to checkout with the operating system provider and the device maker then install them as soon as possible for mitigating the harm. Either being caused or to be caused by Meltdown and Spectre.
Highlights
- Two different flaws i.e. Spectre and Meltdown
- Meltdown found in Intel processors.
- Spectre found in devices having Intel, ARM and AMD chips.
- Invading of the security barrier to access secret information.
- Cannot be easily detected by antivirus.
- Companies have come up with their own patches to mitigate the harm.
- Updates and installations required to minimize the chances of such flaws from harming devices.