In the world of tech, security breaches are no anomaly. Nearly every week brings screaming headlines about a breach that can potentially expose thousands, if not millions, of users to hackers and identity thieves. But early this month, a potential breach was discovered that may require tens of thousands of computers and Android phones to be redesigned.
A huge security flaw was found in the architecture of computers and devices designed by Intel, the world’s largest manufacturer of PC microprocessors. Further research revealed that there were actually two separate vulnerabilities, both of which could allow hackers to access the most sensitive parts of computers, and by extension, the information contained therein.
The flaw was discovered by Google researchers who claim it affects nearly every modern device used today. And, of course, there are many questions being asked by many consumers:
- Does this mean we all need to trash our computers and smartphones?
- Are we all at risk of being hacked?
- What steps has the company taken to repair the problem?
- Does every computer need to be redesigned?
So many questions! No worries, though; we’ve got answers. Here’s what you need to know about the Intel vulnerabilities:
The two flaws
The exposed bugs are respectively called Meltdown and Spectre, and each presents a separate potential problem.
Meltdown is considered to be the less significant threat and has already been fixed in many computers with an effective patch.
The Spectre vulnerability is a bit more problematic. It involves the foundation of the chips that form the computer’s infrastructure. This means it is likely that the problem cannot be fixed unless the devices are redesigned and replaced.
Perhaps more frightening is the fact that the flaw affects an allegedly secure area of the chip architecture, where information like passwords and encryption keys are stored. If exploited, it can grant hackers unchecked access to all this information.
It is important to note that the two discovered flaws represent problems in the hardware of the product, and not in the software, making them more difficult to patch. This also means the number of affected devices is astronomical, and includes operating systems like Windows, Linux, Android, macOS, iOS Chromebooks and more.
Can the flaws be fixed?
As mentioned, the Meltdown flaw can be easily amended with a patch. While the patch effectively resolves the vulnerability, it also tends to slow down computer systems by a full 30%. In some cases, it has caused systems to crash unexpectedly. Despite these drawbacks, Intel urges all consumers to use the patch.
Spectre, on the other hand, has no known fix. While fearful consumers are demanding a redesign, many experts claim that redesigning computers may not even resolve the flaw. That’s because there is currently no known solution for the problem. This can mean that it will be many years before computers and chips include complete fixes for the Spectre flaw.
Aside from Intel’s patch, frantic mitigation efforts have been coming from every corner of the technology industry, from chip vendors to OS vendors like Microsoft and Apple.
Several weeks after the flaws became public knowledge, every major tech company has released patches or an updated system that can effectively resolve the flaws.
Have the flaws been exploited?
The greatest threat these flaws pose is to serve as an easy hunting ground for hackers. But there’s good news: There have been no known exploits of the flaws thus far. In fact, the company is keeping all the details of the two problems under wraps, so attackers won’t know specifically how to access them for entry into private computers and devices.
How has Intel responded to the flaws?
Security researchers have actually known about the flaws for months – and have been secretly working to patch them during that time. In fact, most consumer systems are already patched against Meltdown.
Intel has also made several statements in response to the discovery, though it hasn’t addressed the problem of Spectre and the potential need for a massive redesign of its product.
“Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available,” Intel said in its initial press release. “Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.”
Is Intel the only company that has been affected by the discovery?
Intel is taking most of the heat for the two flaws, but research revealed that, while Meltdown mostly impacted Intel chips, Spectre affects other chips, including AMD and ARM processors and IBM’s Power chips.
Fingers continue to point at Intel, as the world’s largest company of chip makers. The company clearly knew about the problem for some time and failed to let the public know. Critics also claim Intel is not responding to legitimate concerns, and is continuously brushing off pointed questions about Spectre.
As a consumer, what do I need to do now?
First, don’t panic. As of now, the vulnerabilities have not been exploited by hackers. Second, know that Intel is hard at work trying to fix the flaws and will keep sharing patches and updates as they become available. Be sure to apply any updates as they reach the market and keep your antivirus software updated and operating at its strongest level.
Your Turn: Do you think Intel is doing all it can to mitigate the two flaws?