Software solutions in train to combat computer chip security flaws

Tech giants focus on software updates to prevent hackers accessing user data

Apple said its iPads, iPhones and Macs were affected by Spectre and Meltdown, but it had taken steps to protect users of iOS 11, MacOS and its latest Apple TV software from the flaw. Photograph: AFP/Getty Images
Apple said its iPads, iPhones and Macs were affected by Spectre and Meltdown, but it had taken steps to protect users of iOS 11, MacOS and its latest Apple TV software from the flaw. Photograph: AFP/Getty Images

The year isn’t a week old and already tech firms have had a rough time of it.

Earlier this week, anybody who uses a smartphone, tablet or PC was informed that the device they entrust with so much information may be at risk from hackers.

While that may not seem like news – aren’t we always fending off one threat or another? The difference this time is that it’s not software that’s to blame. This time, the security threat is within the hardware – more specifically, the microchip.

What happened?

Earlier this week it emerged that every smartphone, tablet, laptop and PC has a flaw in their microchips that could allow hackers to gain access to confidential information such as passwords.

READ MORE

There are two separate problems. One, named Meltdown, affects Intel chips for laptops and servers. The second, named Spectre, affects Intel chips and those made by rival AMD, but also chips based on designs from ARM – which run in most smartphones and tablets.

What does it do?

To make sure our computers, smartphones and tablets work quickly, processors have to do a certain amount of guesswork about what data and functions they’ll need next, having them ready to go when they’re called upon. But that has also left them vulnerable to attack, by allowing access to data that is normally securely cordoned off.

Exploiting Meltdown, hackers could potentially read computer memory to access passwords and other information. The good news is that it can be fixed with a simple software patch for your system, and they are already in the works; in some cases, they are ready to go.

Spectre is considered less dangerous in the immediate term, but could be more of a problem as it is harder to fix. Using this flaw, hackers can trick apps into leaking sensitive information.

What’s the real risk?

So far, no one has seen the flaws exploited in the wild. The issue was discovered by Google and academic researchers last year, and they had been working with the tech firms to try to put a fix in place before releasing any information on the problem. However, it seems they were forced to go public about it earlier than planned, leaving companies rushing to find a fix before someone figured out how to use the vulnerability to cause a real problem.

To exploit the flaw, hackers would have to get malicious software running on a vulnerable microchip, which would allow them to access data from other software on the machine.

How does this affect me?

If you use any of these devices – and chances are pretty high that you do – you will need to be aware of the potential security threat it poses.

Be careful what you are installing on your device. To exploit the vulnerability, bad software needs to get into your machine, so the less opportunity for that the better. Download software only from trusted sources – in Apple’s case, the official App Store – and be careful about clicking on unsolicited links.

The good news for users of Android devices is that users who have installed its most recent security updates are already protected, as are Gmail users. A patch for Chrome browser will be available later this month, and Chromebook users will have to wait for their update to be released.

Apple has confirmed that its iPads, iPhones and Macs are affected by both Spectre and Meltdown, but it has already taken steps to protect users of iOS 11, MacOS and its latest Apple TV software from the flaw. The company said it will be issuing updates for Safari on MacOS and iOS in the coming days, to guard against any potential exploit in JavaScript on the web browser. Updates for iOS, macOS, tvOS, and watchOS that will further guard against Spectre will be released soon.

The next time you see the software update icon pop up on your laptop, tablet or smartphone, don't ignore it. Microsoft has already issued a patch for its operating system, and others will be following suit. If you don't install the update or delay it in any way, your machine will remain vulnerable for longer.

Make sure your antivirus is up to date too. It may not block everything – new threats emerge all the time – but making things more difficult for those who want to spread bad software isn’t something you should dismiss.

To update your Mac, go to the Mac App Store on your machine and open the Updates tab. The update will appear there when it is available. On your iPad or iPhone, go to Settings>General>Software Update.

To update your Windows 10 system, go to Settings>Update & Security>Windows Update> Check for updates. On Windows 7, go to Control Panel>System & Security>Windows Update>Check for Updates.

You should also check for updates to your web browsers – Chrome and Firefox.

Anything else?

Consider installing an ad blocker, at least until the update for your device has been released. While some websites rely on advertising for revenue, ads can sometimes carry malicious code and the owner of the site doesn’t have complete control over this. Blocking ads would help guard against this.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist