Hacking: Two massive microchip security flaws
Two major security flaws have been discovered in the microchips running “nearly all of the world’s computers,” said Cade Metz and Nicole Perlroth in The New York Times, and to the tech industry’s alarm, the problems can’t be entirely fixed. The flaws, dubbed Spectre and Meltdown, afflict nearly all microprocessors made in the past 20 years, including those from market leader Intel, and “allow hackers to steal the entire memory contents” of computers and smartphones—including passwords, emails, and credit card info—as well as servers running in cloud networks. Chip companies have kept the flaws “under wraps” for months in order to prepare fixes, said Aaron Mak in Slate.com. But security analysts say that “software patches aren’t enough to fully mend Spectre,” which tricks applications into divulging data to hackers. Only processor redesigns in the next generation of computer chips will fully protect computers from the flaw. Meltdown, which “compromises the hardware barrier between applications and core memory,” is easier to exploit but less dangerous, and Google, Microsoft, and others have released patches “mitigating” its impact.
“It’s not hyperbole to say Meltdown and Spectre are a disaster,” said Devindra Hardawar in Engadget.com. Rivals in the chip business have been so concerned with performance and speed in recent years that they’ve let massive security holes slip in under their noses. This is a “wake-up call” that chipmakers “have to work together” on potential vulnerabilities before products hit the market. If they don’t, they’ll be forced to collaborate after the fact “to avoid a potential computing apocalypse.” Experts have cautioned that “it’s not clear whether hackers have exploited these flaws,” said Craig Timberg in The Washington Post. But if they have, the attacks “would likely not leave any trace that could be detected.” That’s particularly concerning for major corporations that have shifted “their most sensitive data” to the cloud. Cloud servers are especially vulnerable to a flaw like Meltdown, and the tech world’s collective shock at the seriousness of these security holes “threatens to make companies reconsider” handing over their data.
“What can you do now to protect against the chip flaws?” asked Jay Greene in The Wall Street Journal. First, ensure that “software on any device is up to date.” Apple’s current iOS update includes “the latest fix,” but remedies for Android devices “are trickier.” Google suggests checking with your device manufacturer or carrier to see if your devices “are patched.” For Windows 10 users, a patch should have been automatically downloaded. There’s “one reason not to panic just yet”: Exploiting the flaws is “so complex” that hackers will likely “continue relying on common techniques such as phishing” to get your data, rather than hacking your processor. ■