IT is only a matter of time before hackers seek to exploit the flaw in computer chips that affects millions of devices around the world, cyber security experts have warned.
Google has revealed two flaws – known as Meltdown and Spectre – which could be used to access personal data on a computer.
Many tech firms say they have issued fixes or are working on them, while the UK’s National Cyber Security Centre says there is no evidence so far that the flaw has been used by hackers.
Mark Gracey, who runs Lytchett Matravers-based online security firm Flavourfy Digital, said: “Whilst there seems no evidence of it being exploited so far, it’s now in the public domain and so could be just a matter of time before someone attempts to make use of the vulnerability.”
Matt Horan, from Poole-based cyber-security company C3IA Solutions, said: “This is a flaw in ‘chipset’ coding used for the processing of memory. It affects both Apple and Microsoft platforms on computers and mobile devices.
“It is caused by ‘speculative execution’, which is when a computer predicts what tasks it will be asked to perform next and moves information into a different part of its memory in readiness.
“It is when the information is in this temporary state that it is vulnerable and where the flaws allow it to be accessed and potentially hacked.”
He said manufacturers were usually notified before such weaknesses were made public, so security patches and updates could be developed and released.
But this case was a “zero day attack”, when a vulnerability is identified with no fix available.
“Patches are and will be made available by the chipset vendors and most computers if configured correctly will update automatically with the latest fix,” said Mr Horan.
“However, if this is not the case then people, as a matter of urgency, should find and install the patches from a trusted source. If in doubt seek expert advice.”
Mark Gracey of Flavourfy said the impact would depend on how quickly businesses and consumers access security patches.
“The best advice is to make sure systems are updated in line with vendors’ instructions as and when that advice becomes available,” he said.
“Where that’s not possible, the balance of risk needs to be considered, particularly if reports start coming through that the vulnerability is now being exploited.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel