Computer processor manufacturers are grappling with what many experts describe as a processor design flaw impacting every single computing device (Linux, Windows and Mac) on planet earth. Researchers named the flaw Spectre and Meltdown. In a bid to produce high-performance computers, chip makers for years, prioritised speed over security and this had led to this mess. Criminals can take advantage of the flaw to magically compromise the confidentiality of critical information on affected computers. Apparently, key tech companies were informed about the flaws and were secretly working on fixes, but the story broke prematurely and now everyone is rushing.
With most computing devices made in the last 20 years at risk, it’s worth taking stock of how the clean-up efforts are going. There are three main groups of companies responding to the Meltdown and Spectre flaw: processor companies, operating system companies, and cloud providers. Although everyone is at risk, immediate concern is for processor companies and Intel chips in particular. Cloud services, which often share computers among several customers, are also at risk.
Vendors have started to release fixes in form of updates for users to download. For now, there’s no patch for Spectre; the microprocessors have to be redesigned to prevent the attack, and that will take years. Patches against Meltdown can degrade performance by about 30%, but you may not notice it except maybe in backup programs and networking applications. For cloud providers, the impact on performance will be costly.
For the average user, you need not fret. The risk is arguably less significant. Neither Meltdown nor Spectre is sufficient on its own to, for example, break out of a Web browser. For now, your best bet is to update your devices and browsers as patches are released.
But more high-value targets, such as government institutions, big businesses, banks, industrial systems and infrastructure, and anyone targeted by a hostile nation state will all have reason to be concerned about Meltdown and Spectre for years to come.
According to security expert Bruce Schneier, 2018 will be the year of microprocessor vulnerabilities, so brace up; perhaps we haven’t seen the worst yet.
