Security Awareness

Critical Security Alert: Meltdown and Spectre Vulnerability

SpectreMeltdownOn January 3rd, something remarkable happened: the New York Times, CNN, and Fox News all ran front-page stories about a computer security vulnerability. The vulnerabilities, called Meltdown and Spectre, aren’t like other recent virus outbreaks and that’s part of why they are getting so much attention. These issues represent flaws in the way computer processors have been designed for the last twenty years.

If exploited, they would let hackers use malicious apps to read your passwords or look at what websites are open on your computer, and nobody is safe. These processor chip vulnerabilities are found in every device with a computer chip inside: smartphones, tablets, laptops, desktops, and servers are all effected.

There’s more bad news. Although security researchers waited to disclose the issue until after patches for Windows, Mac, and Linux were released, the fix has a cost. Depending on the chip, the operating system, and the age of the computer, the patch can consume up to 30% of a computer’s processing speed.

The only long-term solution will be to replace every computer chip in the world, which, even if possible will take years of redesign and manufacturing to complete.

If you have a computer or smartphone, you should patch these operating systems immediately. Other devices like routers, wifi, smart TVs, cameras, or other home appliances should also be updated, particularly devices that might store or process sensitive information. Also, keep all your additional software updated, including your web browsers and Flash. Unfortunately, not all of these software fixes will be released at the same time. So make sure you stay on top of new developments and update your devices as soon as relevant patches are rolled out.

In the meantime, stay away from apps from disreputable sources and don’t click on links from people you don’t know. Be alert for social engineering scams related to these flaws. Bad guys are using this major event to try to trick you into downloading malware that claims to be a patch. Don’t fall for it! Patches should only come from official sources like the manufacturer of your PC or the developers of your Operating System. Remember that you are the last line of defense.

Meltdown and Spectre logo designed by Natascha Eibl and are made available under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication license.

Print Friendly, PDF & Email

Published by

George Finney

George Finney is the Chief Security Officer at Southern Methodist University. He is responsible for implementing and monitoring a diverse security infrastructure to protect the University network and data.