How processing chip flaws exploited by Meltdown and Spectre affect payments|
On Jan. 3, Google's security team issued a report titled Google Project Zero that detailed vulnerabilities in processing chips manufactured by Intel Corp, Advanced Micro Devices Inc. and ARM Holdings.
According to CSO Online, computer chips made by these companies are currently in a majority of computers and mobile devices sold over the last 20 years. Each one of these chips is susceptible to exploit by two types of hacking methods known as Meltdown and Spectre. These digital attacks have the potential to expose data stored on devices. For businesses, this could mean customer card data or other sensitive information is at risk.
What are Meltdown and Spectre?
"Meltdown and Spectre could potentially compromise a server network."
Meltdown gets its name from the way security barriers melt when the technique is employed. Computer apps, programs and internal systems are limited in the kinds of data they are allowed to access. According to Reuters, hackers use Meltdown to bypass typical security authorizations that limit an application's ability to view the computer's memory freely. This attack affects Intel chips only.
Spectre lets hackers corrupt an app and use it to siphon requested and unauthorized data through the chosen program. Its name is derived from the fact that instances of this attack are difficult to notice and stop and the problem could haunt users for some time. Spectre affects Intel, AMD and ARM chips, the latter two of which are found primarily in mobile devices like smartphones and tablets.
How Meltdown and Spectre affect business
The issues exist on a hardware level, which would mean replacing the chips could be expensive and time consuming, especially for retailers with a large number of devices. Intel and other major tech companies such as Microsoft, Apple and Google released software patches intended to prevent Meltdown and Spectre occurrences. The mitigation techniques work by disabling a particular code set the computer chips read, which opens devices to attack.
However, CSO reported the same codes rendered inactive functioned to improve overall system performance and patched devices could experience processes slowed by an average of 5 to 10 percent.
In addition to allowing for uninhibited viewing of company and client data on devices, Meltdown and Spectre could potentially compromise a server network and the transmission of payments data between clients and providers.
Intel released an informational guide related to the chip vulnerabilities and provided a number of techniques businesses can use to protect themselves from hackers.
Administrators should actively check for system updates on all devices connected to a network. Hardware and software firewalls should be activated at all times in addition to malware protections. Appropriate user privileges should be maintained and users need to avoid suspicious links. All unused devices need to be turned off and password re-use should be avoided.
To learn more about effective card processing software, get in touch with Cloud 9 today.