Serious security vulnerabilities have been found in the microprocessors fitted in almost all computers, laptops, tablets and smartphones worldwide. Known as ‘Meltdown’ and ‘Spectre’, we explain what you need to know about the developing situation.
Discovered in the central processing unit (CPU), the ‘Meltdown’ and ‘Spectre’ flaws could compromise sensitive data including passwords and encryption keys on billions of devices worldwide. Thankfully, the potential risk can be mitigated and industry experts are encouraging users not to panic. Speaking of the news, a spokesperson for the National Cyber Security Centre was keen to point out there is currently no evidence that the vulnerabilities have been exploited and patches for all major platforms are either being produced or released as we speak. Air-IT would like to reassure our clients that we are closely monitoring the situation and deploying updates to all of our managed support clients as they become available.
About Meltdown and Spectre
According to reports, leading tech companies have been aware of the ‘meltdown’ and ‘spectre’ vulnerabilities for several months but have been keeping it a closely guarded secret while experts worked on a fix. This lack of urgency might seem concerning or even negligent, but since the weakness was not publicly known it was not considered a significant threat. Now widely reported as a front-page headline, it is possibly a matter of time before hackers find a way to exploit the weakness. In order to do this, an attacker would first need to gain access to the computer. Tactics such as sending phishing emails could be used to introduce malware which would run code needed to manipulate the ‘Meltdown’ and ‘Spectre’ vulnerabilities thus revealing sensitive and otherwise secret information held in the computer memory. Therefore, we are urging our clients and end users to remain vigilant and treat any unexpected emails with extreme caution, particularly those containing web links and attachments that could be malicious.
Protecting your devices
There are no single fix solutions to protect yourself against potential cyber-attacks but you can mitigate the risk by implementing a layered approach to Cyber security. Air-IT have installed all available and relevant operating system updates to all of our managed support clients and will continue to do so as and when further updates are released. In addition to this we are advising individuals to install the latest available updates on their personal computers, laptops and mobile devices since many companies now operate a BYOD (Bring Your Own Device) policy. Companies including Google, Apple and Microsoft have all released statements on their respective advice pages that if the software on their devices is up to date then the user is protected as far as possible. Finally, you should ensure that you’re not running unsupported devices as these will not receive further updates. Chief Technology Officer and Head of our specialist cyber security division, Air-Sec, Sam Reed says:
Once again, we’d like to reassure all clients that we are keeping a close eye on the situation and will continue to provide updates as they develop.
Although no breaches using the bug have been reported so far there are most certainly cyber criminals already working on a way to use ‘Meltdown’ & ‘Spectre’ to access the personal and private details of individuals. I want to stress that there is no need for our clients or members of the public to panic, if you keep your devices and operating systems up to date you lower the risk of becoming a victim exponentially.
The National Cyber Security Centre (NCSC) has published guidelines relating to Meltdown and Spectre on their website with an up-to-date list of responses and advice from major technology suppliers. Read the National Cyber Security Centre's response here If you have any concerns about the security of your business devices, then please contact us on 0115 880 0044 and we will be more than happy to advise you further.