How do Meltdown and Spectre mess with my devices?
They potentially compromise your device’s memory, leaving the door open for people to get in and steal some seriously sensitive personal data — passwords, pictures, payment details, credit card numbers…
Are they different from each other?
Yes, Meltdown and Spectre are two different flaws.
Meltdown affects every computer, smartphone and tablet with an Intel processor, and it also affects cloud services — potentially, hackers could rent out a virtual server on the shared cloud service and use it to access data from other users.
Meltdown and Spectre are most often talked about as a duo because they were discovered nearly at the same time. If you want to know more about how they differ, Google Project Zero has a very good, very technical post.
Which devices do they affect? Do they affect me?
Do you have a PC, laptop, Mac computer, smartphone or tablet running Windows, Linux, Android or iOS?
Then yes, you’re most likely affected.
How destructive are they, really?
On one hand, you may have noticed we keep using the word ‘potentially’. This is because there have been no cyber attacks exploiting these two flaws. (That we know of. Yet.)
There are also not the sort of security defects that can be exploited by just anyone — you’d need to really know what you’re doing.
On the other hand, Meltdown and Spectre affect so many devices worldwide, and to such a degree, that when they were first reported, security analysts thought they were fake — and are now calling them “catastrophic”.
So, pretty, pretty destructive. Potentially.
Who created Meltdown and Spectre?
These bugs weren’t created on purpose. They’re not viruses or malware — they are just security gaps we didn’t know we have.
In order to make our devices work as fast as we want them to, computer chip manufacturers built processors that can anticipate some of our commands before we make them, based on commands we’ve made before.
We’ve just discovered that these “predictive memory” capabilities (the official name for them is speculative execution) can be hacked and used against us. Again, potentially.
In a nutshell, by making devices work super fast, we accidentally made them super vulnerable.
What to do about Meltdown and Spectre
There are things you can do to help fix and minimize the fallout from Meltdown and Spectre:
Make sure you install Windows patches and updates
Microsoft has been providing Windows 10, 8 and 7 users with an automatic fix. You can open your Windows Settings (or Control Panel) and Windows Update to make sure you’ve gotten your update. It's unclear at this point if older versions of Windows that aren't supported by Microsoft will get any updates.
Update your Apple gadgets
Apple has released mitigations in iOS 11.2, macOS 10.13.2, tvOS 11.2, iOS 11.2.2, the macOS High Sierra 10.13.2 Supplemental Update, and Safari 11.0.2 for macOS Sierra and OS X El Capitan. It seems Apple Watch is not affected. Just update everything.
Update your browser
Update your firmware
As in, the software that you get from the company that made your device — or its components. Intel has an update ready, as does Microsoft for its Surface users. Got a non-Intel system? Contact your computer manufacture and see if they have an update ready.
Update your apps. Regularly.
That’s not really specific to Meltdown and Spectre, but it’s just good advice in general. The sooner you update them, the sooner you get the latest security fixes.
Why is my device suddenly slower!?
Remember how we told you earlier that by designing devices to be super fast, we also accidentally designed them to be super vulnerable?
Well, as it turns out, by blocking the security problems originating from this speed, you also end up… blocking some speed. Sometimes a lot of speed. Up to 40 percent, in fact.
These patches come with other secondary effects — namely, unexpected reboots. Surprise!
And no, you cannot opt out of the patches. Them’s the breaks.
So now, what?
While dealing with a noticeably slower computer that randomly restarts by itself is a royal pain in the behind, it sure beats having your credit card and online banking password stolen — and since there’s no way of opting out of these cures anyway, we might as well hold on tight and ride out these performance glitches until a permanent solution can be found…
… which could take years, since it involves re-designing computer chips from scratch and putting them out in the mass market by way of new computers, smartphones and tablets.
So now, we wait.