2018 kicked off with security researchers finding two serious security flaws in chips used in personal computers and mobile devices. The two flaws or bugs, named "Meltdown" (computers) and "Spectre" (mobile devices), make data stored in individual devices vulnerable to attack by allowing hackers to access and steal passwords, encryption keys, or other sensitive information from the device's memory1.

The Meltdown bug allows malicious programs to bypass security measures that would normally restrict access to a device's memory, which can give hackers access to data or even access to the core functions of a device2. The Meltdown bug affects most Intel processors developed over the past 20 years3. The Spectre bug, on the other hand, allows malicious programs to steal data from the memory of other applications running on a machine4. The Spectre bug is a far more wide-ranging and troublesome flaw, as it not only impacts Intel chips, but also the AMD and ARM processors commonly used in mobile devices such as cellular phones5.

A hacker may be able to exploit either Meltdown or Spectre by inserting code through a user's web browser, among other methods6. If an attacker did get access to a user's computer, they would get only small amounts of data from the processor. However, that data could eventually be pieced together to reveal passwords or encryption keys7. That means the incentive to use Meltdown or Spectre will most likely be for individuals prepared to plan and carryout a more complex cyber attack8. In other words, businesses are more likely to be the targets of one of these sophisticated and targeted attacks.

There do not appear to be any signs that attackers have used either bug to steal data yet9. But still, Microsoft, Google, Apple, and other tech companies have already begun providing software updates to address the Meltdown and Spectre bugs10. Unfortunately, these are software updates to patch a hardware problem, and the software fix has been shown to impact a device's performance, slowing down some devices as much as 30 percent11. But these updates alone will not be enough to protect businesses from these or similar cyber attacks.

Foontotes

1 Sam Schechner & Stu Woo, Tech Giants Race to Address Chip Flaws With a Potentially Vast Impact, The Wall Street Journal (January 4, 2018), https://www.wsj.com/articles/tech-giants-race-to-address-widespread-chip-flaws-1515070427.

2 Id.

3 Andy Greenberg, A Critical Intel Flaw Breaks Basic Security For Most Computers, (January 3, 2018), https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/?mbid=BottomRelatedStories.

4 Id.

5 Id.

6 Chris Baraniuk & Mark Ward, Meltdown and Spectre: How Chip Hacks Work, (January 4, 2018). http://www.bbc.com/news/technology-42564461.

7 Id.

8 Id.

9 Supra, note 1.

10 Id.

11 Supra, note 3.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.