The year started off badly if you look at cyber security. Because as it turns out, basically the whole world is at risk of having their data being hacked. And it is a risk that will probably be around for quite some time. So make sure you patch everything.
By now, you probably have heard about Spectre and Meltdown; two weaknesses that are in almost all modern chips that are out there. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. Both work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
If I am completely honest, I must say that I am actually very impressed with the people who found these vulnerabilities. It took them some real ‘out of the box’ thinking to find out the exact timing of when the data was transferred and when they had to plug in to that data to intercept it. Imagine how that process went. Of course it is never OK for hackers to access your data, but still – this time it’s a truly remarkable feat.
As I was reading the scientific articles and all the news around Meltdown and Spectre, at first I thought: “Well, the risks for network hardware aren’t that big, because we do not use that kind of technology.” But as I was thinking about it a little more, something dawned on me.
There is more and more hardware out there that lets you run virtual servers and/or machines on it. So one box with a number of ports on it can be used for different purposes. All you have to do, is to install different virtual machine images and you are good to go. You can also perform software upgrades by installing the new version alongside the old one (and not instead of the old one), thereby keeping the downtime as short as possible. That works great, but in the case of Meltdown and Spectre, these platforms can be vulnerable for attacks. There is the risk that hackers can use them to steal your data.
And this is why you should patch you systems as soon as possible – even network hardware that you think is not vulnerable. There are patches out there for Meltdown already, and they are working on patches for Spectre. Other than that, you should also check you security protocols.
Meltdown and Spectre will be around for some time, and I won’t be surprised if other types of vulnerabilities like these will be developed. So stay sharp when it comes to security and don’t automatically think: “It probably does not apply to me”.