Security Flaws Exposed Threat Personal Info
This post is also available in: 
עברית (Hebrew)
Hackers now have a growing number of avenues by which to access personal information, and securing that information will only become more and more vital. Project Zero, a team of security analysts assembled by Google has revealed their discovery of two major security flaws in the design of CPUs and microprocessors found in the majority of computers, smartphones, and tablets released over the last 20 years.
The central process unit (CPU) is essentially the “brains” of any computer. Whenever you run a program, type a command, or click a link, you’re sending instructions to the CPU. The researchers dubbed the first hardware bug Spectre. It gives attackers a way to trick otherwise error-free programs into sharing information by breaking the isolation between various applications, futurism.com reports. The researchers say Spectre affects almost every computing system (desktops, laptops, cloud servers, and smartphones) and has been verified on CPUs manufactured by Intel, AMD, and ARM.
The other bug, which the researchers named Meltdown, cracks the divide between user applications and an operating system (OS). By exploiting Meltdown, a hacker can use one program to access the memory of another program or a device’s OS.
The Project Zero team first discovered these security flaws in June 2017, and the plan was for the tech community to disclose them to the public on January 9, 2018. The purpose behind the secrecy was to give companies time to address the issues before news about them spread, but rumors and early reports pushed the reveal up to January 3, 2018.
So far, the Project Zero team says it hasn’t found conclusive proof that anyone has used Spectre or Meltdown to access vulnerable systems. But now that information about these flaws is widely known, that could change.
According to the Project Zero team’s report, Spectre and Meltdown give hackers a way to steal a device’s entire memory contents. That means they have access to a user’s photo library, emails, instant messages, passwords, and more.
To avoid the chaos that such breaches could cause, tech companies are rushing to address the vulnerabilities.
Right now, the best-known fix for the Meltdown bug is Kaiser, a software patch devised by researchers at the Graz University of Technology in Austria to address a different issue. However, the patch might come with a catch: It reportedly causes systems to run up to 30 percent slower. Spectre is proving to be even more formidable, and the only fix may be redesigning the processors.
Linux, Android, Apple’s MacOS, and Microsoft’s Windows 10 have already pushed fixes to address these new security issues. So the best course of action is to ensure all of your devices are using the most up-to-date version of their operating system.
