“Meltdown” and “Spectre” vulnerabilities pose threat to devices

Students, staff and anyone with a computing device could be affected by two recent computer vulnerabilities.

According to an overview released earlier this month by Andrew Green, a lecturer of information security and assurance at KSU, “Meltdown” and “Spectre” are new vulnerabilities in central processing unit chips produced by Intel, AMD and ARM.

The vulnerabilities exist due to a fundamental design flaw in how the chips are made. Since every computing device uses a CPU, users of any device are at-risk of having sensitive information leaked.

“For example, let’s say you have an application where you provide a password. Well, the password is then stored in memory,” Green said.

The result of the vulnerabilities is access to anything stored in the memory, such as sensitive and confidential information.

Because the vulnerabilities are due to hardware flaws, they cannot be patched using software, according to Green’s overview. The only way to completely remove the threats is to physically replace and redesign the CPU chip, which is extremely costly for both the consumer and manufacturer.

“The impact of this vulnerability is going to be present for twenty-plus years,” Green said.

Until a new chip is produced that circumvents the flaw, all computing devices are at risk.

Green suggests students and staff use antivirus software and install any new recommended updates to their operating system, along with any new updates to web browsers and other software. Use of an ad-blocker is also highly recommended as malicious code can hide in advertisements.

Green also warns consumers to be cautious when downloading and installing new software and to make sure that any new software or patches come from reputable sources.

“The important thing is to not freak out, not to panic,” Green said. “As a consumer, the best thing you can do is download your updates from reputable sources.”

Green credits Daniel Miessler for his clear description of both vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *