By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Two new cyber threats—“Meltdown” and “Spectre”—have been in the news recently, leaving computers, mobile devices, tablets, and other gadgets vulnerable to attacks. And while Apple, Google, and Microsoft have now released security updates in response, it’s worth understanding what these new hardware flaws are and how you can protect yourself.
Cyber Threat: Differentiating Between Meltdown and Spectre
As we move our lives into cyberspace, the data we store on our laptops, mobile devices, and on the cloud has become extremely valuable. It therefore becomes imperative to learn about new security updates and malware.
While the two flaws were simultaneously discovered in December, 2017, by Google’s Project Zero, there are some important distinctions. Meltdown capitalizes on an application’s ability to access the core of an operating system. This core is also called a kernel and represents the point in an operating system from which all else can be retrieved.
Once leveraged, via a term called privilege escalation, the flaw is then able to access all the data stored in the memory. Things like your passwords, bank account information, health records, tax data, and more are all vulnerable—the things you really don’t want others getting their hands on.
Spectre operates differently, but is equally dangerous. A computer’s CPU has the capacity to predict future tasks in order to save time when switching between applications. If the predicted task isn’t followed through, then it casts that prediction aside and prepares for the next one.
It’s through this feature that Spectre can access data.
Spectre doesn’t just gain access to these predictions, however. It can request new instructions that allow it to view other pieces of sensitive information stored on the device. Again, the stuff you don’t want others having access to.
Given that both of these flaws are principally hardware, companies are rushing to issue software patches to protect their users. Unless you are using a computer from 1995—which, let’s face it, is highly unlikely—chances are your computer is vulnerable to both Spectre and Meltdown attacks. Further more, so will your mobile device, tablet, and other gadgets you may own.
Thanks to the hasty work of major computer companies, the patches that protect users have now been released. Apple, in particular, has urged customers to install both 11.2.2 for iOS and 10.13.2 for macOS High Sierra as they will both ensure your devices are protected.
So make sure you update all your devices to the latest software. And beyond that, ensure you’re following best practices to prevent you from becoming a victim of a cyber attack in the future. As always, inspect suspicious emails before opening them—this includes shady updates that resemble those of Apple and Microsoft. Look at the sender and ensure the email address is legit. If something seems off, simply delete it.
You should also use a web browser that blocks malware. And run a virtual private network, or VPN, to encrypt your online activities—especially when connecting to public Wifi like in cafes, airports, or libraries. While recent software updates will protect users, Spectre and Meltdown should be a strong reminder of the importance of cyber security in the digital age.
Protect yourself from cyber attacks. Download Hotspot Shield VPN today for free. It’s available on Windows, Mac OS, Android, and iOS.
“Photo via Casper Rubin”