January 5, 2018 2:12 pm
Updated: January 5, 2018 2:41 pm

Meltdown and Spectre bugs: How to protect your devices from the security chip flaw

ABOVE: Security researchers have disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel and AMD.


A set of security flaws in microchips could allow hackers to steal personal information from your computer, smartphone and tablet, a group of researchers said.

The researchers at Google’s Project Zero and academic institutions including the Graz University of Technology in Austria discovered the problem last year and disclosed it Wednesday.

READ MORE: Most computers, smartphones vulnerable to newly discovered security flaws

After the news was released, tech companies scrambled to update their operating systems, web browsers and antivirus software to help guard against the attacks, but experts say the patches are unlikely to fully solve all the issues.

Here is what you need to know about the computer chip flaws.

What are the bugs?

The two vulnerabilities are being called “Meltdown” and “Spectre.”

Meltdown only affects laptops, desktop computers and internet servers with Intel chips and could let hackers steal data, such as passwords saved in web browsers.

READ MORE: 6 tips to protect your personal information when using public Wi-Fi

Spectre affects chips in smartphones and tablets, as well as computer chips from Intel, ARM Holdings and Advanced Micro Devices (AMD). Hackers can trick apps into leaking sensitive information.

Spectre is less dangerous than Meltdown but will be more difficult to patch. Researchers warned that Spectre is likely to haunt consumers for years.

WATCH: Ashley Madison hackers release personal information of extra-marital website’s users

Story continues below

What devices could be affected?

Any devices that use chips from Intel, AMD or ARM are at risk.

That includes the majority of Google’s Android phones and Windows PCs. All Mac systems and iOS devices are affected (iPhones, iPads, Apple TV).

Web browsers, such as Mozilla Firefox, Safari and Google Chrome, are also at risk.

READ MORE: Top 5 security tips to protect your credit card when shopping online

What is being done about it?

Microsoft, Apple and Linux — the three major operating systems — said they are all issuing updates.

Apple said all Macs running the latest version of macOS, numbered 10.13.2, are safe. The same is true for the latest iOS version 11.2 for iPhones and iPads.

Apple said it will release updates to mitigate against Spectre “in the coming days.”

Microsoft released an emergency Meltdown patch for Windows 10 on Jan. 4, which will also be applied to Windows 7 and 8 machines.

Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update. The release date for the update has not yet been set. Chrome web browser users are expected to receive a patch Jan. 23.

WATCH: Phone recycled at Rogers store sold on internet with personal information on it

What can you do?

The ideal fix would be to replace all chips in these devices with new ones without the security issues. But that is not feasible.

Security experts suggest downloading the “patch” updates when they become available and changing passwords for accounts that have personal information.

READ MORE: Worry about yourself when it comes to cybersecurity, says federal security official

But make sure not to click on any links or attachments in emails that claim to be those updates.

Consumers should also be careful when visiting untrustworthy websites or installing unauthorized programs.

Will the fix slow down your device?

Intel said fixes for security issues in its microchips will not slow down your computer.

But some experts disagree.

WATCH: Apple apologizes for secretly slowing down older iPhones

“Processor slowdowns trickle down from data centres to everyone using the internet,” Bryce Boland, chief technology officer for Asia at cybersecurity firm FireEye told CNN. “People will feel many of their mobile devices taking a performance hit.”

Has anyone hacked into a device?

Intel said there are no known examples of hackers actually using these vulnerabilities to access information on consumers’ devices.

But unless there is a permanent fix (such as replacing the chip), hackers may still find a way in, experts said.

— With files from Reuters

© 2018 Global News, a division of Corus Entertainment Inc.

Report an error


Want to discuss? Please read our Commenting Policy first.

Global News