Several researchers including one from Google’s project Zero exposed the "serious security flaws" in the design of Intel, AMD and ARM processors, which could allow hackers to take control of your device even when it’s switched off.
Named ‘Meltdown’ and ‘Spectre’, the scope of these flaws aren’t limited to one or two manufacturers, types of devices or operating systems either. PCs, laptops, servers and mobile phones from manufacturers including Apple, Samsung, Sony, Dell, HP.
Why is this different to other viruses?
Most viruses utilise flaws in software to gain access to your system. Therefore, they access your computer in ways which are often operating system specific and limited to specific types of hardware. This goes across multiple types of devices, manufacturers and operating systems.
It's also a little different, as researchers who find problems with operating systems and hardware normally let manufacturers know and give them a chance to come up with a fix before letting the public know. This time, the news was released a little early, leaving Intel scrabbling to get an update out.
Are your devices affected?
The problem is to do with the design architecture used in the manufacture of computer chips, which has been used for decades. This same design style is common to almost all manufacturers, although some are more susceptible than others.
What’s the technical explanation of the problem?
The Google Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
Should you panic?
There is no evidence that hackers have been able to exploit the weaknesses and they would need to have the specific malware installed first, so hackers wouldn't be able to randomly try to take control of just any system connected to the internet.
What could the flaws allow hackers to do?
If your system is affected, there is the potential to read the memory content of your computer. This may include passwords and sensitive data stored on the system.
What is being done about it?
ARM said patches had already been shared with its customers, which include many smartphone manufacturers.
AMD said it believed there was "near zero risk to AMD products at this time."
Intel are working on a patch to fix the security flaws and will be released shortly.
Operating systems such as Android, Linux, Windows and OS X have already released security fixes that will stop the attack from the software side of things and it's likely they've already been installed on your devices.
What do you need to do to make sure your device is secure?
There are no guarantees, but there are some steps you can take to help protect yourself. Make sure your device is set to automatically update, but if that's not an option make sure you perform security updates over the next few weeks. Also, make sure virus scanning software is installed and up to date.
Could hackers already have your data?
In theory it’s possible, as there is no way of tracing whether there has been a security breach on your computer in the same way that a virus in a computer programme might be able to be found. But the flaw has only just been found by researchers and no evidence of hackers getting there first has been discovered, so it’s unlikely.
The results of the finding will have little effect on most home users, as manufacturers have been able to get on top of the problems before they could be exploited. However, the effects for the companies going forward could be potentially massive. It will require the redesign of chip architecture and operating system software, which could have an effect on performance and efficiency.
For server systems, the security fix could also have a massive effect. Because of the way they process data, the performance of their chips could be reduced by as much as 40%.