Cybersecurity is going to be arguably the biggest trend – and threat – in 2018.
I wrote that sentence before the shock announcement last week from Intel that all (yes, all) of its processors have two serious security defects that were discovered last year.
In fact, all processors contain the vulnerabilities that could potentially make all computers insecure, as they affect chips made by Intel’s main PC rival AMD, and mobile-orientated processors by ARM and Qualcomm.
Appropriately called Meltdown and Spectre, like some bad names for villains and villainous plots in a spoof spy movie, these flaws affect just about every computing device, including smartphones, laptops, desktop PCs and tablets and may affect all operating systems.
Meltdown – which one of the researchers who discovered it, Daniel Gruss, called “probably one of the worst CPU bugs ever found” – could potentially allow hackers to access the processor’s kernel (the secure core that runs the deep innards of the operating system). The patches to fix this could slow the computer down by as much as 30%, it has been speculated, although Intel says “any performance impacts are workload-dependent” and ” should not be significant” for the average computer user.
Spectre is a much harder to exploit vulnerability – and therefore harder to patch – that could let hackers also gain access to data.
The repercussions are potentially devastating to our digital lives.
It’s a sobering thought to discover that the very underpinnings of our digital world – the processors that power the computers that power the internet – are themselves susceptible to hacking. At its core, the internet has potential flaws. Cloud service providers have rushed to reassure their users – and investors – that they’ve patched the Meltdown problems and that the perceived slowdowns aren’t as bad as initially feared unless you’re editing video or playing games. The difficulty of the much harder Spectre vulnerability could mean it will be harder for hackers to exploit, security experts have suggested.
Nobody knows if any exploits have been attempted or were successful, but the existential threat remains that our computer processors are themselves vulnerable.
Within a week several class-action suits had been filed in the United States.
After last year’s record-setting data breaches – 145m personal records from Fairfax in the US, 57m from Uber which paid a hacker $100,000 to destroy the data and then covered it up for a year, and some 60m in the Masterdeeds leak here in South Africa – it is starkly demonstrated how important cybersecurity is. Add to this the WannaCry ransomware attacks that crippled the United Kingdom’s health service as well as affecting multinational companies, and the audacious hacks of Ukraine’s power grid. It’s a dangerous digital world out there.
But it is also a timely reminder to practise safer security with your digital life, and be more vigilant that you don’t carelessly expose your own personal details and sensitive information. You can’t be vigilant enough about not emailing personal details like ID and passport numbers or scans of them, or having such details on your computer. Don’t use the same password for many websites and have secure passwords (it’s okay to write them down). Get a password manager. Patch your computers often. Run security software with automatic updates.
Be vigilant with your own security.
This column first appeared in Financial Mail