Earlier this week, reports began to surface of a design flaw in certain Intel computer processor chips that put consumers at increased risk of cyberattack.
Though details of the issue were not immediately released to the public, experts said that fixing the vulnerability affected both consumers and companies that relied on the processors, and that a fix for the issue could cause huge slowdowns in online services and device performance.
In response to the reports, Intel issued a statement saying that the vulnerability did not just affect its processors, that any performance slowdowns would not be significant, and that solutions were currently being worked on to fix the issue.
Shortly after the announcement, a great deal of information about the two vulnerabilities – called Meltdown and Spectre, respectively – were revealed. Reports now indicate that the problem affects a much broader range of consumer electronic devices, as well as information hosted on servers in cloud computer networks.
Meltdown and Spectre
While Meltdown and Spectre could both allow hackers to access users’ personal data, they differ in how they actually go about accomplishing that task and how many devices they affect.
Meltdown affects nearly every Intel chip made in the past decade or two, as well as certain high-end microprocessors produced by ARM. Hackers who want to exploit the flaw could potentially do so by accessing the kernel memory areas found in users’ devices that store personal information such as passwords, log-in information, and cached files.
Luckily, security experts say that Meltdown is not difficult to protect against because it can be addressed with software patches. While these patches may still come with a performance penalty, estimates from various companies indicate that only certain tasks may be affected and at lower rates than originally predicted.
Unlike Meltdown, the Spectre flaw may be much more difficult to deal with and may affect all microprocessors currently on the market – including those made by Intel, ARM, and AMD.
Reports suggest that fully protecting against a Spectre attack may require changing how processor chips are designed, though some aspects of the flaw may be protected against through software updates.
While Spectre’s description paints a grim picture, companies and security experts say that the flaw is much harder for hackers to exploit.
Cloud-based services at risk
One of the more worrying aspects of both the Meltdown and Spectre flaws is their potential to help hackers steal information from consumers who use cloud-based services.
Hackers who manage to infect a consumer’s electronic device with malicious software or malware could potentially use the flaws to steal data from other users operating on the same server for a cloud-based service.
Companies such as Google, Microsoft, Amazon, and Citrix have all issued advisories for users of their cloud services on how to best protect themselves from these attacks. On Wednesday, Amazon also announced that it would be patching its systems to further protect users, and upcoming patches from both Google and Microsoft have also been scheduled.
Other affected companies such as Apple, AMD, and ARM have also released statements addressing the issue.