Brown’s Bytes – Will Spectre Cause A Skyfall?

WELCOME TO BROWN’S BYTES! YOUR WEEKLY INSIGHT FROM MOBLICITI’S CTO ANDY BROWN. FOLLOW #BROWNSBYTES

5th January 2018

It seems 2018 is starting with a security bang thanks to the Meltdown and Spectre CPU vulnerabilities being reported widely.

As always with these kinds of things there is a moving picture of what this all means going forward, but at this early stage there are some clear points to consider:

  1. For a long time, the “bad guys” have been going after vulnerabilities in software and the Operating System to gain access. This attack is going after Hardware level issues (a pattern that’s grown over 2017).
  2. This is another major issue that’s actually been discovered by the “good guys” (i.e. the ethical hacker teams). The good news is that there are apparently no known exploits for these vulnerabilities (yet). Questions have been raised about whether the “bad guys” would have ever found this… the vulnerability had been there for a long time and it would seem they hadn’t found it. Is this self-harm by the IT industry creating more problems than it solves?
  3. You can’t easily patch hardware. Any fixes to this will be at a software level to avoid problems in hardware. This is going to have an overhead in terms of processing power. In turn, this will consume more power… the impact of this will therefore be massive overall, whether it’s the Data Centre energy bill or possibly the battery life on your Smartphone/Tablet.
  4. The simple advice is to patch and remain up to date. Whether it’s your data centre hosts or your PCs/Laptops/Tablets/Smartphones, this will be the key item to take away.
  5. Endpoint protection from Malware is key to defending against the risk – all endpoints (I keep banging the drum, but Mobiles/Tablets need this as well now).

So, is the sky falling? Not yet… I suspect once the dust settles this will become a manageable risk, but it’s one that will have to be tracked for years to come due to the nature of hardware refresh cycles.

Get in touch if you need help with these vulnerabilities.

HAPPY NEW YEAR EVERYONE!