My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

Hackers

What Should Entrepreneurs Know About Meltdown and Spectre?

If you install the latest patches, the only attacks you need to worry about are the ones that have already occurred.
What Should Entrepreneurs Know About Meltdown and Spectre?
Image credit: Meltown & Spectre
Guest Writer
5 min read

If you’ve been paying attention to tech news lately, you’ve probably heard about Meltdown and Spectre. Their names sound like comic book supervillains, but in reality, they’re as capable of wreaking damage as are Magneto and Venom -- except that they damage businesses.

Related: Apple Discusses 'Spectre' and 'Meltdown' Fixes on iOS, MacOS

If you're a business owner, you need to understand what your resulting vulnerabilities are and what you can do to protect your business.

What are they?

Essentially, Meltdown and Spectre are known security bugs that have the potential to affect nearly every computer or digital device in the world. Most security bugs affect either hardware or software -- for example, they might come from a problem with the way your device was constructed or represent a vulnerability to outside influence associated with the back-end code of an app or specific program.

Meltdown and Spectre are different: They exist at an architectural level within processors. Inside a kernel, the core of a computer’s operating system, data passes through in a plain, unencrypted form. Within the system, there are powerful protections designed to shield this unencrypted data from being observed or interfered with by outside sources.

Related: What You Need to Know About the Major Flaws Affecting PCs and Smartphones

Yet Meltdown and Spectre techniques are able to get around those protections. Hypothetically, this allows them to observe any actions you take on a computer, such as typing out a password, accessing private information or sending encrypted communications.

Meltdown, specifically, affects Intel processors, and exists as a kind of brute-force attack, breaking through the shield that prevents applications from reaching the kernel memory.

Spectre, meanwhile, affects Intel, AMD and ARM processors. And that means it can affect smartphones, wearables and almost anything with a chip in it; rather than breaking down a barrier, Spectre works by tricking an application into revealing ordinarily protected information.

How they were discovered

Meltdown and Spectre were initially discovered -- and given cute names and logos -- independently by three separate teams operating around the same time. Those team members included Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz of the Graz University of Technology.

The timing of those discoveries, within mere weeks of one another, seems surprising, given that these bugs had been present for more than 20 years. However, the coincidence actually wasn't that surprising: Many bugs are discovered by multiple teams independently and around the same time, even if they’ve been dormant but existent for years.

There are many possible explanations, including the fact that multiple teams might be inspired or prompted by the same circumstances and that teams tend to withhold such information until the bug is discovered by others.

Should you panic?

The worst-case scenario is a bad one. If someone has been using Meltdown and Spectre to spy on your devices, they could easily steal your passwords and compromise your data. And, because almost every device in the world is affected on some level by these vulnerabilities, you aren’t immune from the possibility.

If hackers got to your device before the bug was discovered, your information may already be compromised.

Even so, there’s no reason to panic. There are software patches for both Meltdown and Spectre, which effectively guard against their use. If those patches are applied, you’ll be protected from present and future attacks -- though if you’ve already been affected, there’s no way to retroactively undo that damage.

What you should do right now

So what should you do to deal with these vulnerabilities? Four things:

  • Update your devices. Take whatever personal and professional devices you have and make sure they’re equipped with the latest OS and software updates. If you have your devices updating automatically, this should have already taken place -- but it never hurts to double check.
  • Keep an eye on your important accounts. Just in case your device was affected before the patches were applied, keep an eye on your most important accounts. If you notice any suspicious activity, report it right away.
  • Change your passwords. As an extra precaution, consider changing your passwords, and choosing strong, multi-character passwords as your replacements.
  • Watch the news. Keep an eye out for more updates in case the story develops.

Meltdown and Spectre were scary because they've taught us a valuable lesson: Security bugs and vulnerabilities can lurk anywhere, sometimes for decades before they’re discovered. But these bugs, in particular, are officially squashed -- assuming you've installed the requisite patches.

Related: 'Venom' Vulnerability: Serious Computer Bug Shatters Cloud Security

If you install the latest patches, the only attacks you’ll need to worry about are the ones that have already occurred. And if you monitor your accounts carefully, you can respond to any suspicious activity immediately.

Is Your Computer Being Held Hostage? What to Do.