Which Devices Are at Security Risk and Can There Be Ways to Counter the Problem?
Billions of computers and smartphones are facing security risk following critical hardware flaws revealed recently.
In view of this, Singapore’s cybersecurity authority has urged all users to apply all available security software fixes immediately.
Meltdown and Spectre
According to the Singapore Computer Emergency Response Team (SingCert), these hardware flaws allow attackers to steal any data from any computer.
“This includes confidential information such as passwords, which could allow them to compromise computers or entire server networks.”
SingCert which issued the alert is a unit of Singapore’s Cyber Security Agency. This coordinates the nation’s response to cyber threats and attacks.
Fortunately, no reports of attacks due to the two critical flaws, dubbed Meltdown and Spectre have been received.
Meltdown affects computers that use Intel chips. Meanwhile, Spectre affects computers and smartphones built on Advanced Micro Devices (AMD) and ARM processors.
Global researchers had earlier released the full details of these two critical flaws in modern computer chips. These details subject almost every computing device to snooping and data thefts.
“Although billions of computers and devices are vulnerable, security fixes are already being rolled out,” said SingCert.
Researchers first discovered the flaws separately last year and it is still unknown if hackers have abused them so far.
The researchers are from Google’s Project Zero, the University of Pennsylvania, Austria’s Graz University of Technology, Australia’s University of Adelaide and security firms Cyberus Technology, Rambus and Data61.
Entire Network at Risk
If the vulnerability doesn’t get patches, it not only puts the data in the chip memory at risk. It also provides an entry point to critical servers and the entire corporate network.
According to the Asia-Pacific vice-president of cybersecurity services firm Cato Networks, Stree Naidu, every user should apply available security patches immediately.
The researchers said both flaws worked on the same principle that allowed hackers to access the deep recesses of a computer’s memory.
“A malicious programme can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.”
“This might include passwords stored in a password manager or browser. It can even reach your personal photos, e-mails, instant messages and even business-critical documents.”
Apply Available Security Patches
Fortinet’s security research director David Maciejak said this was a serious vulnerability that will exist for a long time.
“It will not take long for the security flaw to encounter exploitations in the wild,” he said.
Urging every user to apply available security patches immediately, Naidu said by not patching the vulnerability not only puts the data in the chip memory at a security risk. It also provides an entry point to critical servers and the entire corporate network.
Hackers can even steal data from multiple customers on servers. These include servers from Google Cloud Services, Amazon Web Services or Microsoft Azure for corporate customers.
Google, Amazon and Microsoft said they have started rolling out security fixes for their cloud service platforms, while Google and Microsoft have also issued security patches for their Web browsers, computers and smartphones.
Android users can accept the automatic security updates provided by device makers and reboot the devices.
A Singapore-based Microsoft spokesman said they have not received any information to indicate that these vulnerabilities had attacked their customers.
Tony Jarvis, the chief strategist at security software firm Check Point Software Technologies, said Apple, which uses Intel products in its laptops and desktops, has also rolled out fixes for its products running on OS X.
However, Apple has not published any information on the security fixes for its computers and smartphones to date.
Experts believe that some of the patches caused slowdowns in a computer’s performance by up to 30 per cent. However, Intel has reportedly denied it.