Meltdown and Spectre bugs: How to protect your devices from the security chip flaw
The researchers at Google’s Project Zero and academic institutions including the Graz University of Technology in Austria discovered the problem last year and disclosed it Wednesday.
After the news was released, tech companies scrambled to update their operating systems, web browsers and antivirus software to help guard against the attacks, but experts say the patches are unlikely to fully solve all the issues.
Here is what you need to know about the computer chip flaws.
What are the bugs?
The two vulnerabilities are being called “Meltdown” and “Spectre.”
Meltdown only affects laptops, desktop computers and internet servers with Intel chips and could let hackers steal data, such as passwords saved in web browsers.
Spectre affects chips in smartphones and tablets, as well as computer chips from Intel, ARM Holdings and Advanced Micro Devices (AMD). Hackers can trick apps into leaking sensitive information.
Spectre is less dangerous than Meltdown but will be more difficult to patch. Researchers warned that Spectre is likely to haunt consumers for years.
WATCH: Ashley Madison hackers release personal information of extra-marital website’s users
What devices could be affected?
Any devices that use chips from Intel, AMD or ARM are at risk.
That includes the majority of Google’s Android phones and Windows PCs. All Mac systems and iOS devices are affected (iPhones, iPads, Apple TV).
Web browsers, such as Mozilla Firefox, Safari and Google Chrome, are also at risk.
What is being done about it?
Microsoft, Apple and Linux — the three major operating systems — said they are all issuing updates.
Apple said all Macs running the latest version of macOS, numbered 10.13.2, are safe. The same is true for the latest iOS version 11.2 for iPhones and iPads.
Apple said it will release updates to mitigate against Spectre “in the coming days.”
Microsoft released an emergency Meltdown patch for Windows 10 on Jan. 4, which will also be applied to Windows 7 and 8 machines.
Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update. The release date for the update has not yet been set. Chrome web browser users are expected to receive a patch Jan. 23.
WATCH: Phone recycled at Rogers store sold on internet with personal information on it
What can you do?
The ideal fix would be to replace all chips in these devices with new ones without the security issues. But that is not feasible.
Security experts suggest downloading the “patch” updates when they become available and changing passwords for accounts that have personal information.
But make sure not to click on any links or attachments in emails that claim to be those updates.
Consumers should also be careful when visiting untrustworthy websites or installing unauthorized programs.
Will the fix slow down your device?
Intel said fixes for security issues in its microchips will not slow down your computer.
But some experts disagree.
WATCH: Apple apologizes for secretly slowing down older iPhones
“Processor slowdowns trickle down from data centres to everyone using the internet,” Bryce Boland, chief technology officer for Asia at cybersecurity firm FireEye told CNN. “People will feel many of their mobile devices taking a performance hit.”
Has anyone hacked into a device?
Intel said there are no known examples of hackers actually using these vulnerabilities to access information on consumers’ devices.
But unless there is a permanent fix (such as replacing the chip), hackers may still find a way in, experts said.
— With files from Reuters
© 2018 Global News, a division of Corus Entertainment Inc.