Follow on Google News News By Tag Industry News News By Location Country(s) Industry News
Follow on Google News | The nightmare after Festive Season (and Meltdown, and Spectre)By: ESET ME Lots has been written about these vulnerabilities already: if you are new to the subject we suggest that you read Aryeh Goretsky's article "Meltdown and Spectre CPU Vulnerabilities: Now, there is a much larger underlying issue. Yes, software bugs happen, hardware bugs happen. The first are usually fixed by patching the software; in most cases the latter are fixed by updating the firmware. However, that is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware. Luckily, with cooperation between the suppliers of modern operating systems and the hardware vendors responsible for the affected CPUs, the Operating Systems can be patched, and complemented if necessary with additional firmware updates for the hardware. Additional defensive layers preventing malicious code from exploiting the holes – or at least making it much harder – are an "easy" way to make your desktop, laptop, tablet and smartphone devices (more) secure. Sometimes this happens at the penalty of a slowdown in device performance, but there's more to security than obscurity and sometimes you just have to suck it up and live with the performance penalty. To be secure, the only other option is either to replace the faulty hardware (in this case, there is no replacement yet) or to disconnect the device from the network, never to connect it again (nowadays not desirable or practical). And that is exactly where the problems begin. CPUs made by AMD, ARM, Intel, and probably others are affected by these vulnerabilities: Now I can hear already someone say "What kind of sensitive data can be stolen from my Wi-Fi-controlled light? Or my refrigerator? Ok, to be fair, to get access to these IoT devices, your attackers need to have compromised the network already to get into them? Or they have to compromise the supply chain, or compromise apps or widgets that can run on the device, or… There are many ways to get access to these devices. It is not feasible, in fact not even possible, to replace all CPUs in all devices. It would be too costly, besides the success rate for unsoldering and resoldering pin-throughs in multi-layer boards will never be 100%. In the real world, people will keep their existing devices until those devices reach the end of their lifecycles. So for years to come, people will have households with vulnerable devices. Do you know how many IoT devices you have on your local network? Probably not. There may even be some devices you have never realized are there in your household at all. Why not try ESET Internet Security or ESET Smart Security, with the updated Connected Home Monitor, which will help you identify all the network-aware devices in your network, and in many cases can identify vulnerabilities in those devices. It will also alert you when a device not previously seen is connecting to your network. As mentioned, it would be too costly to replace all the faulty CPUs, especially in the cheaper IoT devices. On those, even updating the firmware or (patching) the operating system may not be possible. As a warning, when you are buying a new IoT device, it makes sense to check which CPU it is running on, and if that CPU is affected by these vulnerabilities. It is expected that some devices may suddenly be offered cheaply by the manufacturer, hoping to rid their inventory of old(er) faulty CPUs while manufacturing new devices with updated CPUs, when these become available. So: caveat emptor. A bargain may turn out to be a nightmare once you connect it to your network. The bottom-line: https://www.eset.com/ End
Account Email Address Account Phone Number Disclaimer Report Abuse
|