Security alert: Chip vulnerability exposes computers

15 January 2018

Chips contain a feature that makes them vulnerable to hacking that could allow hackers to steal sensitive data, Intel Corp and other leading chip manufacturers have confirmed.

 

Hackers find weaknesses (known as vulnerabilities) in software they can exploit to access computers, smartphones and tablets. Installing software updates can fix vulnerabilities and help keep you secure.

 

Two critical vulnerabilities in CPU processors have been identified – codenamed Meltdown and Spectre. Meltdown can be patched, but no fixes currently exist for Spectre.

 

Malicious criminals could take advantage of speculative execution to read system memory that should have been inaccessible, for example, an unauthorised party may read personal information in a system’s memory, such as passwords, encryption keys, or sensitive information open in applications.

 

There is rising global speculation about the issue’s severity, including potential performance impacts on servers and public cloud environments.

 

Systems affected: Intel, Microsoft, Apple, AMD, Google, ARM and Linux Kernel.

 

Intel provides chips to about 80% of desktop computers and 90% of laptops worldwide.

 

Impact on systems and businesses

 

An attacker able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory, like passwords, encryption keys, or sensitive information open in applications.

 

Many Australia businesses will be subject to the new notifiable data breaches scheme from 22 Feb 2018 which will require businesses to advise customers if they have suffered eligible data breaches.

 

Solution

 

Leading chip manufacturers and software companies are developing patches to mitigate against vulnerabilities.

 

Software updates should be applied immediately to protect systems and personal information from hackers.

 

Most modern software and applications update automatically but ensure you agree to install updates immediately when prompted. Common software to update includes:
• operating systems, for example, Windows, macOS, iOS, Android
• antivirus and security software
• browsers, for example, Internet Explorer, Firefox, Chrome
• web plugins, for example, Adobe Flash, Reader, Skype, Apple QuickTime, iTunes, Java, ActiveX
• other types of applications, for example, Microsoft Office.

 

When you buy a new device, check for updates immediately as part of the initial set up and enable automatic updates.

 

For insurance brokers

 

Emergence Insurance recommends brokers be proactive and advise clients of this global security issue and its potential for clients’ sensitive information to be accessed by hackers.

 

System vulnerabilities are another reminder why it is important to implement security patches and updates immediately they are available.

 

Protection from specialists

 

Emergence Insurance is here to protect all businesses – large and small – against cyber risks. In fact, that’s all we do, so we’re the specialists in the field.

 

Talk to your insurance broker about how Emergence can develop a cyber solution for your business.