Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Duncan Andison

Spectre and Meltdown: What you need to do to keep your computer safe

Patches have been issued to help protect against the flaws.

PEOPLE HAVE BEEN warned to install updates on their computers and mobile devices in a bid to protect against vulnerabilities that could allow hackers to access sensitive data.

The Spectre and Meltdown vulnerabilities affect computer chips from Intel, AMD and ARM.

Personal computers, mobile phones, servers and operating systems such as Microsoft Windows, Linux and Apple macOS could be impacted. Software companies have issued patches to fix the vulnerability.

Brian Honan of BH Consulting said failing to install these patches will leave people at risk of hackers stealing sensitive information such as passwords from the memory of their computer.

Speaking to TheJournal.ie, Honan said people could also be lured to third-party websites that could exploit the bug on their PC.

Honan said websites are also at risk, particularly if they gather sensitive data, and should “deploy the patches as quickly as possible”.

In a statement, Intel said: “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.”

Performance 

“There’s the potential that applying the patches could impact the performance of the machines,” Honan said, noting that older machines or those already under a lot of pressure may be particularly affected.

He described the situation as a “Catch 22″ as people won’t know if their device’s performance has been affected until they install the patch.

However, Honan said the pros of installing the patches outweigh the cons, stating: “This issue is so widespread it’s only a matter of time before it’s used in attacks.”

Some researchers have said any fix could slow down computer systems by 30% or more. Responding to this, Intel said: “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Serious flaws 

Last year, Google’s Project Zero team discovered serious security flaws caused by a technique used by most modern processors to optimise performance.

Researcher Jann Horn demonstrated that malicious actors could take advantage of the technique, known as speculative execution, to read system memory that should have been inaccessible.

In a statement, Google said: “For example, an unauthorised party may read sensitive information in the system’s memory, such as passwords, encryption keys or sensitive information open in applications.

“Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.”

Read: People being warned to check systems as Intel reveals ‘serious flaws’ in its computer chips

Read: ‘A digital revolution’: Forty schools to offer Computer Science as Leaving Cert subject in September

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
41 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds