Meltdown and Spectre attacks: Early fix leads to slowdown, more problems

Singaporeans more wary of cyber threats
A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014 Mal Langsdon/Reuters

At least three billion computer chips have been estimated affected by the Spectre vulnerability that was discovered recently by security researchers alongside Meltdown. Technology companies like Microsoft, Apple, Google and Amazon were prompt to push out software updates to thwart possible hacking. Unfortunately, updates that were supposed to provide fixes are causing additional problems.

Early security patches have proven they were not the suitable solution to the critical vulnerabilities in Intel, AMD, ARM and other processors. Some users were complaining about the fix's responsibility for slowing down devices, reports Reuters. On top of that, most anti-virus software did not work well with the security update that it caused freezing in laptop and desktop computers.

Also read: SingCert warns Singaporeans of 'critical vulnerabilities' Intel processors

No proven fix has been released thus far. Some businesses may be forced to upgrade their computer systems in order to safeguard classified data, which is an expensive move to make. Affected users may need to cooperate at the moment while companies are still hunting for long-term solutions.

Speaking to the Technology Review magazine, Mark Weatherford, a former senior official at the US Department of Homeland Security, recommends consumers to take operating system upgrades immediately.

The Spectre bug is more difficult to solve than Meltdown. The former was confirmed to have impacted Intel, AMD and ARM processors, while the latter hit Intel. The security loopholes are believed to be existing for 20 years already.

Daniel Gruss, the researcher who discovered the vulnerabilities, said: "If you download a file from the Internet, and it's an executable file, or you get an executable file send via e-mail, and you run it on your system, in either of the three cases, an attacker could incorporate a Meltdown or a Spectre attack in there, and with that could leak any secret stored on your system."

Three billion chips were said to be affected in what the industry called the "bug collision". Apple admitted that all Mac and iOS products are exposed to the vulnerabilities, except for the App Watch series.

This article was first published on January 8, 2018