BREAKING NEWS US executes 2nd man in a week; lawyers said he had dementia Full Story

Computer chip flaws impact billions of devices

Cybersecurity expert Bryce Boland explains how the flaws, called Meltdown and Spectre, affect computers and smartphones and what it will take to fix the vulnerabilities.

Posted: Jan 5, 2018 12:10 PM
Updated: Jan 5, 2018 12:10 PM

Chances are you own a smartphone or computer that contains a chip hackers could potentially exploit to get access to sensitive information.

That's because billions of devices are affected by two major security flaws revealed by cybersecurity researchers on Wednesday.

The flaws -- dubbed Meltdown and Spectre -- affect processing chips made by Intel, AMD and ARM Holdings. That means if you use a desktop, laptop, smartphone or cloud service from Apple, Google, Amazon or Microsoft you might be vulnerable.

Related: Apple says all Macs and iOS devices affected by chip flaws

Don't panic. Here's what you should do.

1. Update your software!

Spectre is the main threat because it is present in billions of devices. Meltdown appears to affect only Intel chips.

The U.S. government-funded Software Engineering Institute initially said vulnerable chips may eventually have to be replaced altogether. It subsequently updated its guidance to say that software updates can provide a partial fix for now.

"Because chip replacements are not going to happen tomorrow, realistically, software is being updated," Sitaram Chamarty, a security researcher at Tata Consultancy Services, told CNNMoney.

Chamarty says that while Spectre may be tougher to combat, the threat from Meltdown can be mitigated through the software updates.

"It has to kind of trickle down, hopefully in another few days it will all be done," he added.

Related: Businesses scrambling to deal with computer chip debacle

Intel says it is working with AMD and ARM to fix the problem, and many tech firms have already released -- or are about to release -- software updates to secure their devices.

Microsoft has already released security updates for Windows users, and is taking steps to protect users of its cloud computing services. Google and Amazon are also updating their cloud services.

Apple said Thursday that it had already issued fixes for Meltdown for its various operating systems, and added that it plans to release similar fixes in its Safari browser "to help defend against Spectre" in the coming days.

"We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS," Apple said.

Dell said it was "working with Intel and others in the industry to investigate and address the issue." It directed customers to Intel's statement, and said it would post "a list of affected platforms and remediation" soon.

2. Brace yourself for slower devices

An unfortunate downside of the software updates is that they might slow your computers and smartphones.

Patches deployed to combat the flaws could slow computers by as much as 30% depending on what you're trying to do, according to estimates posted on Linux message boards.

Intel said it does not expect users to experience any performance issues. Experts disagree.

"Processor slowdowns trickle down from data centers to everyone using the internet," said Bryce Boland, chief technology officer for Asia at cybersecurity firm FireEye. "People will feel many of their mobile devices taking a performance hit."

Related: Intel CEO's massive stock dump raises eyebrows

Chamarty says removing the vulnerability requires a fundamental change in the way modern processors operate -- a function called "speculative execution" -- a change that could drastically reduce speeds.

"If you're going to disable this, then you're back to ... many, many years ago, we're talking 10 years," he added. "Imagine running at those speeds now."

3. Wait, watch and hope

The good news: The vulnerabilities provide new avenues for hackers to mount attacks, but analysts say doing so is not straightforward.

"The effort to mount this attack is quite significant," Chamarty said.

The heavy lifting could dissuade hackers from targeting anyone but "big fish" such as heads of government agencies, he added.

But the downside is that there isn't really a permanent solution at the moment, meaning hackers could have plenty of time to figure out a way in.

Related: Major chip flaws affect billions of devices

"Resolving this issue will take time and incur costs," Boland said. "Vulnerable systems will likely remain in operation for decades."

Chamarty warned that even the mass replacement of computer chips may not necessarily help.

"It seems to be a cost of the way processors are currently designed, there's no true solution currently in sight," he said.

"If somebody finds an ingenious method by which [attacks] can be made more generic, less cumbersome to mount... then we have real problems."

-- Selena Larson, Yazhou Sun and Vinayak Dewan contributed to this report

Terre Haute
Overcast
70° wxIcon
Hi: 86° Lo: 65°
Feels Like: 70°
Robinson
Overcast
67° wxIcon
Hi: 84° Lo: 63°
Feels Like: 67°
Indianapolis
Overcast
72° wxIcon
Hi: 84° Lo: 67°
Feels Like: 72°
Rockville
Overcast
66° wxIcon
Hi: 85° Lo: 64°
Feels Like: 66°
Casey
Overcast
69° wxIcon
Hi: 85° Lo: 64°
Feels Like: 69°
Brazil
Overcast
70° wxIcon
Hi: 85° Lo: 65°
Feels Like: 70°
Marshall
Overcast
70° wxIcon
Hi: 85° Lo: 64°
Feels Like: 70°
Heat and Humidity Return
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 157825

Reported Deaths: 7427
CountyConfirmedDeaths
Cook966624745
Lake10561429
DuPage9867492
Kane8218286
Will7436328
Winnebago3215106
St. Clair2436145
McHenry2347103
Kankakee145466
Madison131071
Rock Island125230
Unassigned1172201
Champaign108917
Kendall108621
Peoria73630
DeKalb66522
Boone64121
Sangamon58733
Jackson36619
McLean34015
Randolph3377
Ogle3254
Stephenson2876
LaSalle28617
Macon25922
Clinton25617
Whiteside22415
Union21519
Coles20917
Adams2081
Grundy2025
Tazewell1968
Iroquois1795
Knox1760
Williamson1734
Monroe17113
Warren1500
Cass14010
Morgan1354
Henry1251
Jefferson12317
Lee1102
McDonough11015
Vermilion962
Montgomery902
Pulaski860
Marion810
Macoupin753
Perry631
Douglas620
Livingston582
Jo Daviess571
Woodford552
Franklin540
Christian534
Jersey481
Jasper477
Clark450
Bureau442
Ford421
Effingham351
Menard330
Cumberland310
Johnson290
Mason290
Mercer290
Fayette283
Moultrie280
Washington280
Logan270
Alexander260
Shelby231
Wabash230
Bond211
Carroll212
Hancock211
Piatt210
Crawford200
Edgar200
Saline200
Wayne191
De Witt180
Fulton180
Massac170
White170
Schuyler140
Lawrence130
Marshall130
Greene120
Brown100
Richland100
Clay80
Gallatin80
Henderson80
Pike80
Hamilton70
Stark60
Edwards50
Calhoun20
Hardin20
Pope20
Out of IL10
Putnam10
Scott10

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 53370

Reported Deaths: 2785
CountyConfirmedDeaths
Marion12276699
Lake5831252
Elkhart379462
Allen3013136
St. Joseph229470
Hamilton1800101
Cass16559
Hendricks1496102
Johnson1379118
Vanderburgh9056
Porter87338
Tippecanoe80210
Clark73644
Madison69364
LaPorte64828
Howard62158
Bartholomew61245
Marshall60112
Kosciusko5984
Noble53028
Boone50144
LaGrange49110
Delaware48752
Jackson4853
Hancock47636
Shelby46425
Floyd43544
Monroe38528
Dubois3657
Grant34726
Morgan34731
Henry30718
Montgomery29920
Clinton2953
Dearborn28924
Warrick28529
White28310
Vigo2658
Decatur25732
Lawrence25425
Harrison22122
Greene20033
Miami2002
Jennings18112
Putnam1798
DeKalb1714
Scott1679
Wayne1676
Perry16411
Daviess15517
Jasper1422
Steuben1413
Orange14023
Gibson1382
Ripley1377
Franklin1328
Wabash1233
Starke1183
Carroll1152
Whitley1116
Fayette1097
Newton10110
Jefferson982
Huntington942
Wells851
Fulton811
Randolph814
Knox770
Posey750
Jay720
Washington701
Clay675
Pulaski661
Rush653
Spencer641
Sullivan581
Owen541
Adams521
Benton510
Brown461
Blackford412
Fountain382
Crawford350
Tipton351
Switzerland310
Martin280
Parke280
Ohio230
Vermillion200
Union170
Pike160
Warren161
Unassigned0193