Companies scrambling to protect networks from chip security flaw

The tech world is rushing to patch a serious flaw in computer microchips, which has left devices open to hackers.

It was revealed this week that two security flaws, known as Meltdown and Spectre, were affecting microchips made by Intel, AMD and Arm, which are used in almost all computers, internet servers, smartphones and tablets, as well as data centres and any devices that connect to the cloud.

This includes PCs, Chromebooks, Android phones and Macs, iPhones and iPads – apart from Macs running the latest macOS version and iPhones and iPads running the latest iOS version, while Android phones with the most recent security updates are protected.

The security gap allows access to a computer’s memory, which could reveal confidential information and security data.

Because the security flaw affects the microchip design integral to computers, it is more of a concern than more usual software bugs.

It is understood the industry was aware of the issue for several weeks before it was made public, in the hope the problem could be patched to avoid the vulnerability being exploited by hackers, BBC News reported.

According to reports, there has been no evidence that any computers or devices have been hacked but the possibility that information such as passwords or financial details could be stolen does now exist if hackers can discover the gaps – and security experts suggest this won’t take long.

However, experts have said any attacks will more likely be espionage by sophisticated nation state hackers or organised networks targeting companies.

The industry has issued emergency operating system security updates against Meltdown, which should be installed to protect computers and devices when they become available.

Windows users should check third-party anti-virus and security software is up to date to ensure patches are installed, BBC News said.

Apple also warned users to avoid downloading software from questionable sources that may be malicious.

Apple plans to shortly release a patch against Spectre, but BBC News added that “Spectre is thought to be much harder to patch and no fix for it has yet been made widely available”.

The National Cyber Security Centre, a part of GCHQ, said the major cloud service providers were installing fixes on their own platforms but separate updates would be needed on the operating systems of any virtual machines.

According to a Financial Times article, security experts believe the patches won’t go far enough to protect business computers and have said completely replacing computer system hardware will be the only way to ensure protection.

“However, the sheer cost and complexity of replacing so much IT infrastructure leaves big tech users with little choice but to continue with their current systems and rely on incomplete fixes being produced by their tech suppliers,” the FT wrote.

For more information on specific protection guidance, visit the National Cyber Security Centre.