CFN original: Yes Meltdown and Spectre are real and your devices are at risk but don’t panic, correlation does not equal causation

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

By now, the terms Meltdown and Spectre would probably cause a spasm of terror throughout your body if someone were to mention them in casual conversation. And in some regards, the latest vulnerabilities (to put it lightly) are certainly a cause for concern. Anything that affects “all modern processors,”  is worrisome, especially when stated by Apple. But please for the love of technology, don’t buy into the fear mongering Twitter has whipped up, patches are on the way and in some cases have already arrived.

To give some background, when we say all modern processors are affected, we’re talking about the root cause for concern: computer chips architecture manufactured by AMD, Intel and ARM have been compromised. So in other terms, yeah virtually everyone has been affected, including those Apple users still stuck with their heads in the sand about the security of Apple products (myself included). To be very clear, the problems found with these chips are not a design flaw but exploits created to cause havoc within these systems. They access protected areas of memory to potentially decode and read. While this may contain sensitive information such as passwords, it also may simply be variable instructions and data from application processes that are not of much value.

As of this morning, Apple has released a statement regarding the issue and noted that patches to help combat any problems users might be experiencing have been rolled out. But Apple also noted in their statement that “there are no known exploits impacting customers at this time.” Furthermore, Apple stated that Meltdown and Spectre are found in malicious apps that users might download, therefore you should be updating every device you own and only be downloading applications from trusted developers. You can read Apple’s full statement on the matter, here.

Now to dispel some of the notions that have been floating around in the internet ether: Meltdown and Spectre are not malware in the traditional sense that they could hijack your system. Of course, fraudulent activity is possible, but it’s also come to light that it’s quite difficult to actually pull off Meltdown or Spectre. They do not allow data access and retrieval of stored data sets on disk drives, (e.g., databases) like many normal malware attacks would, nor do they allow machine takeovers for DDoS attacks. So, the actual risks to corporate or personal data are much more limited than typical of malware attacks that capture full content of mass storage systems

And finally, yes your smartphone, personal computer, and tablet are most likely at risk of being affected but correlation does not equal causation. With Meltdown and Spectre, hackers are looking for the big fish so to speak; large data center machines rather than personal machines. It’s about “bang for the buck” for the hacker.

The question really is, what can we do on our end as people who use these devices every single day. And the answer is simple and small (because there’s not much else you can do at this point) update your devices and maybe avoid twitter for awhile.

Read our other post about this issue, here.