All Devices At Security Risk Due to Critical Flaws
Billions of computers and smartphones are facing security risk following critical hardware flaws revealed recently.
In view of this, Singapore’s cyber security authority has urged all users to apply all available security software fixes immediately.
Meltdown and Spectre
According to the Singapore Computer Emergency Response Team (SingCert), these hardware flaws allow attackers to steal any data processed by the computer.
“This includes confidential information such as passwords, which could allow them to compromise computers or entire server networks.”
SingCert which issued the alert is a unit of Singapore’s Cyber Security Agency, which coordinates the nation’s response to cyber threats and attacks.
Fortunately, no reports of attacks due to the two critical flaws, dubbed Meltdown and Spectre have been received.
Meltdown affects computers that use Intel chips, while Spectre affects computers and smartphones built on Advanced Micro Devices (AMD) and ARM processors.
Global researchers had earlier released the full details of these two critical flaws in modern computer chips, which between them, subject almost every computing device to snooping and data thefts.
“Although billions of computers and devices are vulnerable, security fixes are already being rolled out,” said SingCert.
Researchers first discovered the flaws separately last year and it is not known if hackers have abused them so far.
The researchers are from Google’s Project Zero, the University of Pennsylvania, Austria’s Graz University of Technology, Australia’s University of Adelaide and security firms Cyberus Technology, Rambus and Data61.
Entire Network at Risk
If the vulnerability is not patched, it not only puts the data in the chip memory at risk, but also provides an entry point to critical servers and the entire corporate network.
According to the Asia-Pacific vice-president of cyber security services firm Cato Networks, Stree Naidu, every user should apply available security patches immediately.
The researchers said both flaws worked on the same principle that allowed hackers to access the deep recesses of a computer’s memory.
“A malicious programme can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
“This might include passwords stored in a password manager or browser, your personal photos, e-mails, instant messages and even business-critical documents.”
Apply Available Security Patches
Fortinet’s security research director David Maciejak said this was a serious vulnerability that will exist for a long time.
“It will not take long for the security flaw to be exploited in the wild,” he said.
Urging every user to apply available security patches immediately, Naidu said by not patching the vulnerability not only puts the data in the chip memory at security risk, but also provides an entry point to critical servers and the entire corporate network.
Hackers can even steal data from multiple customers on servers such as those run by Google Cloud Services, Amazon Web Services or Microsoft Azure for corporate customers.
Google, Amazon and Microsoft said they have started rolling out security fixes for their cloud service platforms, while Google and Microsoft have also issued security patches for their Web browsers, computers and smartphones.
Android users can accept the automatic security updates provided by device makers and reboot the devices.
A Singapore-based Microsoft spokesman said they have not received any information to indicate that these vulnerabilities had been used to attack our customers.
Tony Jarvis, chief strategist at security software firm Check Point Software Technologies, said Apple, which uses Intel products in its laptops and desktops, has also rolled out fixes for its products running on OS X.
However, Apple has not published any information on the security fixes for its computers and smartphones to date.
Some of the patches are believed to cause slowdowns in a computer’s performance by up to 30 per cent, although Intel has reportedly denied it. If you require any assistance from a local IT firm, feel free to contact us.