The new year began with reports of two critical design flaws in the chips found in virtually all computing and communications devices. Their names, Meltdown and Spectre, offer a good idea of the potential damage they can do. Experts insist that the harm can be mitigated by proper computer hygiene, however, although Spectre will be difficult to fix and underlying vulnerabilities will persist. This incident is another reminder of the critical importance of security consciousness by all device users and, sadly, of continuing susceptibility to hacks and attacks — a vulnerability that will only grow as technology embeds itself further into daily life.
Several researchers, working in different parts of the world, simultaneously uncovered the flaws last summer. (The intervening silence should not be alarming: affected companies have been working since then to fix the problems.) The first bug, Meltdown, exploits "speculative execution" in a microchip's operation. As a chip processes instructions, it accesses various pieces of data; to speed that process up, some data is assumed to be used repeatedly (hence "speculative") and thus made available for reading. Using Meltdown, the OS is told to allow access to information that it should not be able to read, such as passwords. By the time the OS has run the code — when execution is no longer "speculative" but real — it realizes that access should not be granted, but by then it is too late.
Meltdown was originally thought to be an Intel chip flaw, but subsequent research has indicated that it affects other chips too, including those produced by ARM Holdings, which is owned by Japan's SoftBank. Chip manufacturers, computer and device makers such as Apple, and service providers like Google and Amazon, have all acknowledged the flaw and have released or will soon release fixes. Given the ubiquity of these chips — Apple warned that the issues "apply to all modern processors and affect nearly all computing devices and operating systems" — all device users should update their operating system, firmware (the software that instructs computer chips) and web browsers. All three are essential to ensure security and experts believe that will do the trick.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.