How to protect yourself from the Spectre and Meltdown chip flaws

Spectre and Meltdown are vulnerabilities that could let hackers steal passwords and other personal data. Here’s how you can keep private data safe on your phone, tablet, laptop and PC.

Spectre and Meltdown have hit the headlines this week, but you shouldn’t panic. Here are the practical steps you can take to ensure your passwords and sensitive data stays safe.

What’s the problem?

First, a quick explanation of the flaws. Put simply, sensitive data shouldn’t be exposed when inside the main processor – the CPU – in a phone, laptop or PC.

Also, everyday apps shouldn’t be able to access data (from the computer’s memory) which is being used by the operating system or by other apps.

However, it is possible to access this data the Spectre and Meltdown vulnerabilities and it means that a hacker could use malware to gain your credit card number, passwords and other data if you use an unpatched device.

Processors affected include Intel, AMD and ARM, the latter of which powers most smartphones and tablets. All major operating systems are also affected, including Windows, macOS and Linux.

It appears that security experts and the big chip and software developers have known about the vulnerabilities for months, if not years. Only on 3 January 2018 did this information become public and – for the most part – patches and software updates have been issued to protect your data.

For more information on the differences between Meltdown and Spectre, read the Meltdown Attack website.

What do I need to do?

The best advice is to ensure your software is up to date. These days a lot of software updates automatically, but it pays to double-check that your devices are running the latest version of their operating system and that all of the software you run is also up to date.

It’s simple, common-sense security practice, so there’s nothing new here. And it's pretty much the same as protecting your data from ransomware.

Patches for Windows, macOS and Linux are all expected shortly, but Google says that Android devices which have the latest updates installed are already protected. (An update for the Chrome web browser is due on 23 January.)

It’s not clear whether iPhones and iPads are affected by the problem: Apple has not issued a statement to clarify.

Will antivirus prevent an attack?

In theory, an up-to-date antivirus program should block any attacks, but in practice they are – according to security experts – extremely difficult to detect.

The good news is that there is no known malware which exploits these flaws. But it is still a good idea to keep your antivirus, operating system and apps up to date.

Don’t forget to be vigilant when clicking on links in emails and on websites to avoid downloading malware in the first place.

Is my data stored in the cloud vulnerable?

Yes. The processors which run cloud servers are similarly affected by the flaws, which means you should avoid storing any sensitive data in the cloud.

You should also make sure you have a backup of any irreplaceable data on a portable hard drive or some other form of storage which isn’t connected to a computer, network or the internet.

Again, this is good practice against any type of hacker attack.

Join the newsletter!

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AMDAppleARMGoogleIntelLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Jim Martin

Latest Videos

More videos

Blog Posts