Products made by Apple, Microsoft and others are now at risk
Millions of devices could be sitting ducks for hackers.
Researchers this week revealed that they’d discovered two major security flaws within the chip systems of Intel Corp. Products from the world’s second largest chipmaker are found in computers and other smart devices made by the likes of Apple, Microsoft and Samsung, meaning that the data of millions of users worldwide is vulnerable.
“Intel and other technology companies have been made aware of new research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the chipmaker said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
Still, some experts warn that the flaws, known as Specter and Meltdown, could lead to a crisis since they potentially compromise any device with a central processing unit (CPU). “Intel is inside [virtually] every computer ever made… It doesn’t matter what operating system you’re running,” Shelly Palmer, a tech analyst and CEO of the Palmer Group, told Moneyish. “This is a flaw that’s not at the operating system level; it’s at the chip level. That is the actual heart of the computer.”
Palmer likened the security flaws to a weakened immune system. “All of your data could be wiped out, all of it gone,” he said. “Someone could just go in there and whack your memory completely. They could turn on your camera or your microphone without you knowing it. This is not a joke.”
Some tech companies have developed patches— or security fixes — to address this threat. Apple said on Thursday that it had had already previously implemented measures to protect select versions of its flagship iOS and macOS software, and that it would be making further updates available soon (get details on how to protect your Apple devices here). Microsoft has developed a patch for Windows 10 and will release new updates on January 9th. And Google says that Android users who have downloaded the company’s latest security update have taken necessary precautions, but Google Chrome users will have to await additional updates on January 23rd.
“Even though [these bugs are] a hardware-level exploit, the vendors [like Apple and Microsoft] have software programs that will remediate or prevent this from happening,” said Palmer.
Dr. Eric Cole, a cybersecurity expert and former commissioner on cybersecurity under President Obama, suggested enabling automatic updates on your devices. “This way you’re not only protected against this attack but future” attacks, Cole told Moneyish. “If you do this, you should be fine.”
Cole also encourages users to use encrypted password managers like Keeper and Dashlane, both of which are free to download. Antivirus programs such as Norton and McAfee also have versions optimized for both computer and smartphone use.
Such encryption tools may already exist on your computer, he added, but most are dormant by default until you activate them yourself.
Some security experts also recommended installing ad blockers like uBlock Origin on your web browsers. These reduce risk of exposure to malicious code that can come embedded in pop-up ads.
© 2018 Dow Jones & Company, Inc. All Rights Reserved