Until this week, only the nerdiest of nerds were looking at bugs dubbed “Meltdown” and “Spectre.” Then Apple admitted the bugs were present in almost all of its products, and everybody freaked out. And although you probably don’t have anything to worry about, there’s good reason to be concerned. Meltdown and Spectre can be fixed, but it’s going to slow down devices, force changes in how we make anything with a microchip, and generally make the whole world miserable.
- What are Meltdown and Spectre? To explain that, let’s talk about how your computer works, at the level of the chips. In order to stay on top of the absurdly complex tasks we demand computers do, they have to “think ahead” so to speak. It’s called “speculative execution.” For example, if you load Facebook on a tab, your computer can guess you’ll want to enter your password. So it loads up your password file. What’s important, though, is that there’s a wall between your processor’s tasks and the other applications on your computer, and between your web browser and the other things you’re doing. Or, rather, there’s supposed to be. It turns out a flaw means there are cracks in that wall. The cracks between processor and application are Meltdown. The cracks in the wall between applications is Spectre.
- The good news is that Spectre and Meltdown are insanely complex bugs that are difficult to exploit: Think of it like a crook trying to break into your car to steal your phone by completely disassembling your car, taking your phone, swapping out your phone with a dummy phone so you don’t notice anything, and then reassembling the whole thing. It’s possible, it’ll work in theory, but in this particular case, you might as well just smash the window.
So only people dealing with genuinely sensitive data need to worry: Criminals are not going to use these bugs to steal your Facebook password. They might use it, however, to steal Mark Zuckerberg’s bank account or baby photos. And therein lies the whole problem; this bug affects billions of devices, including those used by governments and those designed to protect corporate secrets, banking information, and other vital data.
There’s a fix, but it comes at a price: Fixing Meltdown is easy, and arguably more urgent, but it affects your computer’s speculative execution, meaning it’s going to slow down between 5% and 30%, depending on the device. Intel is claiming it’s unlikely you’ll notice, but that really depends on what demands you put on your processor. If it’s Netflix and Twitter arguments, you probably won’t notice. Industrial users? That’s another matter entirely:
- The big problem is how to fix this going forward: This problem affects not just almost every chip in commercial use from Intel, ARM and AMD, but every chip they’ve got on the shelves, about to be manufactured, and even on the drawing board. The entire chip industry is going to have to completely rewrite how it builds and ships chips.
- OK, so what should I do? First, don’t panic. You’re extremely unlikely to be a target of this. Second, patch your computer. Microsoft has rushed out an update and more are in the works, and Apple and others are right behind them. Staying current on your updates, for your apps and your operating system, is the best way to protect yourself. If you’re really concerned, delete any passwords for sensitive data like banking off your computer or phone and manually enter them. But, again, unless you have angered an extremely petty and malicious individual with a computer science PhD, you probably don’t need to worry.
Meltdown and Spectre, in the end, are largely broader issues. These are bugs that have lurked in our processors for years and nobody found them. The question security researchers and chip manufacturers now have to answer is whether there are any others out there.