Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990’s. The flaws—primarily found in Intel’s chips—create a vulnerability that can be exploited by allowing hackers to obtain unauthorized access to privileged information.
Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past November. While software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reports. In addition, since the flaw is hardware-based, the “fix” is only good until the next exploit is discovered.
At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity community. Since that time, public attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businesses, the impact on consumers has been somewhat overlooked.
That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like Meltdown, Spectre, and Zombieload—pose to consumers, their data, and the performance of their computers.
Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed.
For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied.
Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.
Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.
So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in a heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.
To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.