Vulnerable devices manufactured over the past 20 years
The press announces two newly discovered security vulnerabilities in devices, called Meltdown and Specter. These gaps are in microprocessors produced by Intel, AMD and ARM. They allow cyber criminals to steal important information (such as passwords, personal photos, e-mails) from almost every computer, mobile device, or even virtual information store (“cloud”) using microprocessor functions. This applies to Apple, Google, Amazon and Microsoft devices.
The good news is that security measures are already in place to protect most systems and products. They are constantly updated.
Bad news – security experts say these tools can slow down device performance, especially for those over five years old.
How does it work?
How Meltdown restores a photo from memory:
A person who wants to compromise and exploit these security gaps must be able to put a particular code on the user’s computer.
This can be done in a number of ways, for example, by executing such a code in a web browser, but Google and Mozilla have already closed this method. Also, an attacker can use your existing web server function to upload an image that is later converted on your server. Depending on the history of errors in graphic libraries, it is unlikely that malicious code will be executed in this way.
Alan Woodward, a cyber security expert, said that even if they had access to user information, they could only get CPU snippets. Finally, the fragments need to be clipped together to reveal passwords or encryption keys.
This means that first of all, Meltdown or Specter will be used by those who are ready to plan and perform more complex attacks than by cyber criminals.
The video below shows how the script reads the physical memory from the rest of the process (in this case, the browser password field data):
So what to do and how to protect your devices?
The only thing you can do is upgrade your existing software. Apple, Microsoft, and Google have already released tools to help protect against the vulnerability. Check your phone’s settings for updates. Chrome, Firefox, and Safari browsers are about to upgrade.
How does it affect hosting work?
If you are the owner of a website, then what you can do to protect yourself from Meltdown and Specter depends on the website hosting.
Major web hosting providers have already started patches of these security vulnerabilities. You can also:
- check your hosting provider information about their system status
- ask for immediate fixes if they are not already installed,
- Ask if this will affect your site’s performance and whether these impacts will be visible to your end-users.
Shared Hosting (Serveriai.lt, Hostex, etc.)
There are many websites on the server that works alongside many others. These servers have a certain level of security that ensures the protection of one site from another. This “wall” between sites is sufficient for normal operations, but it may be damaged. Because all sites are running on the same computer, this vulnerability could allow a malicious website to illegally access other sites.
In this case, service providers are responsible for solving security issues in their core systems.
Managed WordPress Hosting (WP Engine, Pantheon, etc.)
Such website hosting uses cloud computing platforms. Most of them have already taken care of the security of their main platforms due to Meltdown and Specter security issues. However, hosting providers using such site hosting will also need to install patches on their systems.
Cloud Hosting (Hostex, OVH, etc.)
As mentioned above, major cloud computing providers are rapidly deploying patches to their platforms. However, as you are responsible for maintaining your virtual server, you should upgrade your operating system as soon as possible.
Dedicated servers, In this case, the risk of the above-mentioned security threats is minimal, but it is recommended to update the operating system.
What are the biggest companies doing?
„CNN tech“ says that all companies knew about these security gaps before publishing them publicly and were ready to remove them.
- Intel
The company „Intel“ is most affected by these problems. Specter affected everyone, but Meltdown only affected Intel and ARM. In addition, it only affected the best ARM models. So every microprocessor produced over the last five, ten or even twenty years is vulnerable.
Intel claims to solve the problem with other microprocessor manufacturers.
- Microsoft
Microsoft tips for consumers on this topic. The company has already released updates for Windows 10, Windows 8.1 and Windows 7. If your computer has automatic updates turned off, go to Windows Settings and install the updates. Also, the latest versions of Microsoft Edge and Internet Explorer browsers have been released.
Released Android and Google Cloud updates, waiting for Chrome to update. Google-supported Android phones, including Nexus and Pixel devices, will receive upgrades, but other Android users will have to wait for updates from their manufacturers. The next Chrome browser update will be released on January 23, but Google has released a list of computers that will not receive updates due to older models.
- Apple
Apple has revealed that all Mac and iOS devices are affected by these threats except Apple Watch. The company has released updates for iPhone, iPad, Mac and Apple TV, and the upgrade to Safari is about to be released in the coming days. Make sure all your updates are installed on your devices.
Our advice
Make sure content management systems are up to date and have the latest security patches installed. Upgrade your existing software on personal computers. Keep in mind that these security gaps have been discovered recently, so tips on how to protect them can change over time, and their removal can take time.
Interested? Let's discuss your project
Call us or write us an email and we will arrange a meeting, during which we will discuss your project and our ideas for you.