Additionally, the fixes issued tend to degrade system performance and speed.
Meltdown affects all Intel processors made since 1995 and Spectre affects processors from a variety of firms. Essentially, every laptop, desktop, tablet, smartphone, and cloud computing system is affected.
What are Meltdown and Spectre?
Meltdown and Spectre are considered to be the largest security vulnerabilities in history. Nearly every desktop and laptop computer are affected.
Meltdown is a flaw that puts computers at risk for hackers bypassing the hardware barrier between applications during use and the computer’s core memory – something that is usually well protected.
Spectre presents a similar risk, but provides access to hackers and enables them to “trick” otherwise error-free applications into revealing sensitive information.
What’s at Risk?
The core system, known as the kernel, is where sensitive information is stored. Data that could be exposed to anyone exploiting the bugs could include:
- Banking records
- Credit cards
- Financial information
- Other secret information
In addition to individual consumers and businesses, cloud service providers including Google, Amazon, and Microsoft are also affected. These companies could be responsible for software and hardware fixes, though each reported being hopeful the problem won’t have a significant impact on performance.
Amazon said it was in the process of patching systems, while Google said that the majority of its systems have been updated, but might need some additional customer action. Microsoft said it was in the process of deploying fixes to its cloud systems.
These problems have been a black mark on Intel’s reputation and could give other companies a bargaining chip in the future.
At the moment, nobody is sure exactly how much Meltdown and Spectre are going to cost. Banks and financial services firms are just beginning to investigate the impact of the problem.
Has Data Already Been Stolen?
According to the UK’s National Cyber Security Centre, it is unlikely Meltdown and Spectre are actively being used to steal data yet, but it’s possible.
People in the industry assume it won’t be long before hackers develop programs to launch attacks now that the information is available if they haven’t already.
Even more disturbing – there are little consumers can do about the problem.
The best fixes available at the moment include updating computers with the latest security fixes already available for Linux and Windows. Chromebooks and Android devices running Google’s Nexus and Pixel smartphones are already protected. Apple advised customers to download the most recent update and to only use software from the App Store and reported no known exploits so far.
Fixes that are expected for Spectre are unlikely to degrade systems, but there are concerns that Meltdown fixes will have a significant impact.
This system degradation is because of the separation of the application and kernel memory required to prevent the flaws from being exploited. Separating the two memory systems means tasks that constantly require the kernel to do things could take much more time because the processor will need to switch back and forth between the application memory and the kernel memory.
Some predict up to 30 percent slower performance in some tasks.
At the moment, the focus is on fixing the problem, but the aftermath could last for years and set a historic precedent in cybersecurity.