Since the beginning of 2018, there have been a series of attacks exploiting vulnerabilities in the central processing units (CPUs) of major chip makers. Called Spectre and Meltdown, these hacks allow the attackers to fool the CPU into providing sensitive information stored in unsecured portions of the CPU. Patches were issued and mitigated the damage although they did impact system performance for certain tasks, making the PCs run a touch slower.
The target of first round of attacks were chips manufactured by Intel. AMD chips, the other major CPU manufacturer, were not impacted. Then in early May, Spectre – New Generation was discovered by a team of security researchers. In our post on that discovery, it was found that the new exploit targeted AMD and a small number of ARM chips in addition to Intel. Again, patches were developed and issued.
Now, just four weeks after the wider ranging hack discovered in early May, a 4th variant has been discovered by Microsoft and Google engineers. They have named this version Speculative Store Bypass because it spoofs the speculative execution function built into CPUs into giving out sensitive data. A Hacker News article on the subject has a link to an excellent video by Red Hat Linux that explains how this works.
Unfortunately for innocent bystanders like us, this latest variant affects CPUs by Intel, AMD, ARM, and IBM Power 8, Power 9, and System z. Or in other words, practically every PC on the planet. Still, the researchers are saying that patches will be available in regular software updates. Some PC OEMs will update firmware as well.
What should you do at this point? Be vigilant in what you do and where you go online. Try not to store sensitive information in unprotected files on your PCs. This includes not allowing your browser to store passwords for you. Invest in a good password manager instead. Be sure to update your PC’s operating system each time new security patches are offered. Finally, keep an eye out for unusual activity with your credit cards and bank accounts.
The software patches are good at mitigating the exploit, but it will require the chip makers removing this functionality in future versions of their chips to eliminate this particular weakness entirely.
Digital convenience comes with a need for increased vigilance and constant attention to maintaining the security level of your digital devices. For the highest level of secured communications, look to CRIP.TO. Our unique hardware and software solution of Black and Shield offer individuals, groups, and companies with the highest level of end-to-end encryption currently available. Any data you store on the Black device is virtually impervious to decryption and compromise.
Learn how CRIP.TO gives users the freedom to communicate fearlessly on our website and check out the details of our ICO while you are there.