Nearly all computers worldwide – as well most other devices
– have been exposed to security flaws which leave them vulnerable to attacks.
Researchers discovered holes in security stemming from central processing units, better known as microchips, which could allow private data stored in computers and networks to be accessed by a third party.
So far, there hasn’t been any breaches, but is it a big deal? And what could it mean for your business?
What Are the Vulnerabilities?
There are two security flaws: Meltdown and Spectre.
- Meltdown affects laptops, computers and internet servers with Intel chips.
- Spectre has the potential for a wider reach. This can affect some chips in smartphones, tablets and computers that are powered by Intel, ARM and AMD.
Senior data analyst at the technology consultancy IDC has said that data centres and devices connected to the Cloud are also vulnerable.
What is the Scale of the Issue?
The UK’s National Cyber Security Centre (NCSC) has said there is no evidence that this has been exploited, however, now the issue has been made public, there is concern that the bugs are discoverable and could potentially be taken advantage of.
The tech industry has been aware about the issue for at least six months, but everyone from developers to security experts involved signed non-disclosure agreements, presumably in an attempt to keep things under wraps until dealt with.
Considering there are 1.5 billion personal computers in use today alone, and around 90% are powered by Intel chips, the exposure to the Meltdown bug is potentially huge.
What Information is at Risk?
The bugs allow hackers to potentially read data stored within a computer and steal information such as passwords and credit card information.
Jake Saunders, a Technology Analyst from ABI Research said it wasn’t exactly clear what information could be at risk, but as the security risks have been exposed, the big question is can other parties discover and potentially exploit them?
What does this mean for my website?
If you host your website with Ascensor, our VMware hosting platform isn’t vulnerable to Meltdown and patches have been released in order to mitigate Spectre. At present, there are no known ways to remotely exploit these vulnerabilities so before anyone can take advantage, they would need to have access to the server.
Access to the servers we host is controlled and known by us, so the attack surface is small. We will be applying patches to them once we have evaluated what impact it will have on performance.
As a digital agency, we use computers in our daily activities. However, data security is our highest priority and we are currently in the process of becoming an ISO 27001 accredited agency.
We are also updating our own equipment as patches become available. If you notice any issues concerning your website, contact Ascensor now.