Sunday 16 December 2018

Adrian Weckler: How to protect yourself as two 'bugs' looks set to affect almost every computer, with phones also at risk

A worker at Intel’s Fab 24 facility in Leixlip, Co Kildare
A worker at Intel’s Fab 24 facility in Leixlip, Co Kildare
Adrian Weckler

Adrian Weckler

What is going on? Two very serious computer problems have been identified that, between them, affect almost all the world's computers. That almost certainly means whatever laptop or PC you have at home or in work.

What are these problems?

One has been dubbed 'Meltdown' and the other one is 'Spectre'. They basically make it possible for attackers to take over a computer without the owner knowing, bypassing precautions such as anti-virus software.

What's the difference between 'Meltdown' and 'Spectre'?

'Meltdown' affects computers with Intel chips. That amounts to most PCs, laptops and work machines in Ireland. 'Spectre' affects computers that use other chips, such as AMD or ARM. This segment may include phones and tablets, too.

Hang on - my phone might be affected?

Yes. Both Google and UK-based company ARM have warned that older Android and iPhone handsets could be at risk from attack. ARM has said that those still using iPhone 4, 4S or 5 handsets may be vulnerable.

Have there been any reports of actual damage yet from 'Meltdown' or 'Spectre'?

No. Researchers have published proof of concept and IT security experts say it's only a matter of time until the attacks start.

How would I know if my PC or phone is being attacked?

This is one of the worries at present - you wouldn't know. The problem is a design flaw in the actual chip itself, rather than the software surrounding the chip. Technologists describe this as being the 'kernel', or core, of the computer chips. Unlike most security weaknesses, once this one is exploited there is carte blanche to do anything on your machine. For example, sometimes when you're buying something, your PC or phone will ask whether you want to store your credit card's details or your passwords for future secure access. This vulnerability would give an attacker access to that level of information.

Is there anything I should or can do to ward off danger?

The only thing you can do is to install any updates that are issued from companies such as Microsoft or Apple. Microsoft is already starting to roll out protective patches, while Apple has said that it will release a patch for the Safari web browser on its iPhones, iPads and Macs within days.

Apple stressed that there were no known instances of hackers taking advantage of the flaw to date.

But isn't the problem the chips? Do I need to replace those?

Yes, the problem is based in the chip - but you can't really replace a central processor in your PC or Mac. So you'll have to go with whatever patches the likes of Microsoft comes up with.

Will those patches completely fix the problem?

Probably not. Most IT experts are still saying that even with the patches in place, the performance and battery life of your PC, Mac or work machine is likely to be hit. Early estimates put this speed downgrade at up to 30pc, although Intel has disputed that figure.

I'm terrible at keeping up to date with upgrades. What if I don't implement this one in time?

Then experts say that you have a heightened chance of becoming the victim of something such as ransomware over the next year.

How has this happened?

This is being labelled as a fundamental flaw in how computer chips were designed, across almost all of the world's big chip makers. Intel, which is the biggest of the lot, denies the worst predictions, particularly the fear that patched PCs will be slower by a third. However, it may now have to amend its processor design.

Is it just home PCs and phones?

No. One of the most serious worries is around servers, data centres and 'cloud services' from big providers such as Google and Amazon. Thousands of ordinary businesses now rely on these online services for everything from their e-commerce offerings to secure files. Google has moved quickly to update its cloud offerings but says its customers may still have to implement upgrades on their own machines. Amazon says that it has contained the problem but that its customers must also patch their systems.

(Additional reporting from Reuters).

Irish Independent

Business Newsletter

Read the leading stories from the world of Business.

Also in Business