Spectre and Meltdown have hit the headlines this week, but you shouldn’t panic. Here are the practical steps you can take to ensure your passwords and sensitive data stays safe.
What’s the problem?
First, a quick explanation of the flaws. Put simply, sensitive data shouldn’t be exposed when inside the main processor – the CPU – in a phone, laptop or PC.
Also, everyday apps shouldn’t be able to access data (from the computer’s memory) which is being used by the operating system or by other apps.
However, it is possible to access this data the Spectre and Meltdown vulnerabilities and it means that a hacker could use malware to gain your credit card number, passwords and other data if you use an unpatched device.
Processors affected include Intel, AMD and ARM, the latter of which powers most smartphones and tablets. All major operating systems are also affected, including Windows, macOS and Linux.
It appears that security experts and the big chip and software developers have known about the vulnerabilities for months, if not years. Only on 3 January 2018 did this information become public and – for the most part – patches and software updates have been issued to protect your data.
For more information on the differences between Meltdown and Spectre, read the Meltdown Attack website.
What do I need to do?
The best advice is to ensure your software is up to date. These days a lot of software updates automatically, but it pays to double-check that your devices are running the latest version of their operating system and that all of the software you run is also up to date.
It’s simple, common-sense security practice, so there’s nothing new here. And it's pretty much the same as protecting your data from ransomware.
Patches for Windows, macOS and Linux are all expected shortly, but Google says that Android devices which have the latest updates installed are already protected. (An update for the Chrome web browser is due on 23 January.)
It’s not clear whether iPhones and iPads are affected by the problem: Apple has not issued a statement to clarify.
Will antivirus prevent an attack?
In theory, an up-to-date antivirus program should block any attacks, but in practice they are – according to security experts – extremely difficult to detect.
The good news is that there is no known malware which exploits these flaws. But it is still a good idea to keep your antivirus, operating system and apps up to date.
Don’t forget to be vigilant when clicking on links in emails and on websites to avoid downloading malware in the first place.
Is my data stored in the cloud vulnerable?
Yes. The processors which run cloud servers are similarly affected by the flaws, which means you should avoid storing any sensitive data in the cloud.
You should also make sure you have a backup of any irreplaceable data on a portable hard drive or some other form of storage which isn’t connected to a computer, network or the internet.
Again, this is good practice against any type of hacker attack.