We reckon there’s a relatively simple rule to follow when answering this question – it’s when the technology industry and authorities alike openly begin referring to a bug or vulnerability using a distinctly ominous sounding name.
Using this approach we can say beyond any doubt that the news today has delivered something of a ‘double whammy’ on the information security front with many major outlets, including the BBC, reporting the emergence of Meltdown and Spectre.
Now, if they aren’t labels to strike fear in to the heart of tech consumers everywhere then we don’t know what are! (That, or it’s a hotly tipped new duo about to drop the hottest grime track of 2018. You decide. – Ed.)
Are these new vulnerabilities really as scary as they sound though?
Well, it’s often easy just to write off the latest technology fear as yet another scare story which never actually results in the nightmarish outcomes predicted by doomsayers in the media. This has been the case amongst the public ever since the Millennium Bug failed to bring civilisation crashing down, leaving us all with large stocks of tinned food and a distinct feeling that the experts didn’t really know what they were talking about.
In an era now where shunning expert opinion seems to have become the norm though, we really do think the Meltdown and Spectre vulnerabilities warrant being taken seriously. The consequences of not doing so could be truly disastrous.
The main reason for this is the potential reach of the combined security vulnerabilities with Meltdown and Spectre affecting the global leaders in CPU computer chip production. Meltdown affects almost every desktop machine, laptop computer or cloud server using an Intel CPU, while the threat of Spectre could be even more widespread with smartphones, tablets and computers using CPUs produced by Intel, ARM and AMD potentially affected.
In short, just about everybody is likely to be at risk from one or the other (or both).
Meltdownattack.com neatly summarises the vulnerabilities when it says:
“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”
There is therefore no limit to the type of data at risk on a machine when infected by a malicious application developed to target either the Meltdown or Spectre vulnerabilities. Highly sensitive data and credentials (passwords etc.) are potentially sitting ducks to cyber criminals if they are able to capitalise on the security flaws.
The good news is that the various technology giants supplying major operating systems globally will have been the first (non-malevolent actors at least) to have uncovered and been informed on the vulnerabilities, likely many months before the public became aware.
This means there has been time for security updates and patches to be developed and Microsoft, Apple, Linux and Google (Android OS) have confirmed they have already issued or will soon be issuing wide-ranging fixes. Despite this, it is also worth mentioning that when it comes to Microsoft Windows, the World’s most used operating system, that anyone using an OS older than Windows 10 will remain vulnerable as patches will not be issued for these.
There has been speculation amongst some tech insiders that the updates required to patch the holes that Meltdown and Spectre leverage will affect CPU performance – it’s even been suggested the discovery of these vulnerabilities will force a fundamental rethink on how CPUs are designed and made – although this is as yet unconfirmed.
The reality is though that nothing should be placed above the importance of data security in the here and now. So, if there’s one thing you take from this article let it be this (and excuse the shouty bold capitals but we think it warrants it):
ADMINS AND USERS ALIKE, APPLY YOUR SECURITY PATCHES. IF THEY’RE MADE AVAILABLE IT’S FOR A REASON. DO NOT PUT IT OFF.
Oh, and one last thing – don’t have nightmares now readers.