Two fundamental flaws have been discovered in computer processors that will affect the vast majority of businesses and consumers around the world. Dubbed Meltdown and Spectre, they make it possible for hackers to gain access to private information, including passwords, stored in temporary memory.
News of Meltdown, which affects practically every Intel processor made since 1995, was first broken by tech blog the Register. The very next day, Spectre joined the fray, with chips from AMD and Arm also affected. And as if that wasn't enough, it turns out many big technology companies have known about these weaknesses for months, but were hoping to release a fix before they became public. Right now, the horse has well and truly bolted, and technology companies worldwide are scrambling to find fixes or workarounds.
Essentially, Meltdown and Spectre are bugs that mean secret information on a computer can be accessed and read, when it should be hidden away. When you type a password into a web browser form, for example, it's stored in temporary memory (RAM), but what you type shouldn't be directly accessible to users of that computer. Thanks to these bugs, though, that's not the case. Would-be hackers could see exactly what you're typing as you're typing it, making a mockery of modern cyber security measures. As Graz University of Technology explains:
"These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
The phrase 'hardware bugs' is of particular importance. These aren't software flaws, like a problem with, say, how Windows has been programmed; these are intrinsic to the physical architecture of central processing units (aka chips, processors or CPUs). It's like finding out one day that the electrical wiring in your house or office was done using the wrong kind of cables - the only way to be really sure it's safe is to rip it out and start again.
And because all the major chip designers have been affected, it doesn't matter whether you're using a desktop PC, a server, a laptop, a tablet or a smartphone. If it has a processor in it, then it's likely to be vulnerable to one or both of these bugs. Indeed, that includes other smart devices and IoT (Internet of Things) devices, illustrating just how wide-reaching this issue is.
The only real positive to come out of this story so far is that, to date, there have been no reports of these flaws being exploited. With them now in the public sphere, however, that might not remain the case for long.
As we speak, hardware and software developers are doing their best to come up with patches to keep customers safe. To protect against Meltdown, that means changing the very way operating systems and other software interact with processors - an action that could reduce computing performance by up to 30% for many users.
Spectre, meanwhile, is a much bigger problem. Not only does it affect a wider range of chips, it's said to be a more complex flaw, and so far no fixes or patches have been released. On the plus side, it's also more difficult to exploit, which might be enough to put off many hackers.
Barring a miracle, the road ahead for computer users everywhere is going to be rocky. According to some, these flaws could be with us for decades. At the moment, the best thing to do is to keep your software and computers up to date. Make sure you install all the latest security patches for Windows, macOS, Chrome, Android, iOS and so on. Basically, if it can be updated, update it.
Beyond that, there's little else you can do (although regular, effective backups are more advisable than ever). The best minds in the technology world will be working hard in the coming months to find solutions, and software patches will be an important stop-gap along the way. Ultimately, the only thing likely to provide a permanent fix is a complete rethink of how processors work and how they interact with other components, but patches should hopefully minimise the risk to users - albeit at the expense of performance.
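To confirm that installed patches are actually in effect on a Linux machine, the kernel's own per-flaw report can be read and classified. This is an added example, not part of the original article; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities (mainline 4.15 and later), and the function name cpu_vuln_report is made up for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's report for Meltdown and Spectre.
# Usage: cpu_vuln_report [DIR]   (DIR defaults to the real sysfs directory;
# passing another directory lets the logic be exercised on sample files).
# Prints one "name: VERDICT (raw kernel text)" line per flaw.
# Returns 0 if nothing is reported vulnerable, 1 if any flaw is unpatched,
# 2 if the kernel exposes no report at all (it predates the fixes).
cpu_vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    seen=0
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        if [ ! -r "$f" ]; then
            echo "$name: UNKNOWN (no kernel report for this flaw)"
            continue
        fi
        seen=1
        # Each file holds a single status line written by the kernel.
        IFS= read -r raw < "$f" || true
        case $raw in
            "Not affected"*) verdict=NOT_AFFECTED ;;
            "Mitigation:"*)  verdict=MITIGATED ;;
            "Vulnerable"*)   verdict=VULNERABLE; rc=1 ;;
            *)               verdict=UNKNOWN ;;
        esac
        echo "$name: $verdict ($raw)"
    done
    [ "$seen" -eq 1 ] || return 2
    return "$rc"
}

# Check the machine this script runs on; a non-zero status means patching
# (operating system, firmware or both) is still outstanding.
cpu_vuln_report || echo "action needed: cpu_vuln_report returned $?"
```

A MITIGATED verdict means the running kernel has a workaround active, not that the processor itself has been fixed.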
Eventually, chip manufacturers will have to come up with designs that aren't vulnerable to Meltdown and Spectre. That will no doubt mean spending billions on R&D. Then, when these products are released, businesses and consumers will have to invest in new computers and devices to be 100% safe.
Unfortunately, this will all take time and money, and there will be very few winners as a result.