What to do about the new Spectre variants.

Recently, researchers at Google’s Project Zero and at Microsoft released information about new Spectre variants. If you don’t remember, Spectre and Meltdown were major issues in almost every processor. This meant hackers could break into computers, cell phones, and many other every day devices.

Although the issues were first reported in January of 2018, many devices only recently received patches. And many others may never receive patches, because vendors don’t have a way to fix them. Issues like these made Spectre and Meltdown serious threats, and now we learn there is more.

 

So what do I do about the new Spectre variants?

If you’re wanting more information on Spectre and what you need to do, we wrote a short guide to help you. As always, we are also willing to help out your business however we can if you contact us. But essentially, beating Spectre will boil down to waiting for updates.

Microsoft and Apple have already released some of these updates on their newer systems. Newer Android and iOS devices should also have patches, but sometimes they take longer on certain carriers. It also depends heavily on the maker of your Android phone or tablet, so be sure to check with the manufacturer.

As we mentioned, some “smart” devices may never receive updates, and you may need to remove them from your network. Things like security cameras, smart thermostats, and even refrigerators are often on networks these days. But if they offer hackers an easy way in to attack your computers, it would be better to lose their convenience than lose data or money.

Albuquerque New Spectre Variants Devices
Spectre issues affected nearly all devices, including computers, tablets, and phones.

So is doing updates enough to beat the new Spectre variants?

Yes and no. While yes, many of the processor makers already wrote patches, many devices never receive them for other reasons. Bugs in updating software sometimes cause the system to believe it has the key update when it actually doesn’t. Because of this, it is important to track key update numbers and check that they actually do install.

We have seen this on several systems. The updater says that the system is completely up to date and secure, but critical updates are actually missing. Many times this goes on for years, and critical vulnerabilities sit on systems undetected.

Checking the update numbers, comparing them on the systems, and manually downloading the update is the only way we have found to correct this. But in larger, business environments, this can be a massive undertaking.

Albuquerque New Spectre Variants IoT
Although some IoT devices receive updates regularly, many more have no reliable way to fix issues like Spectre.

Is there a better way to make sure my system updates?

Thankfully there is— Astria offers vulnerability assessments for this very reason. Checking each individual system for every update to install is simply impractical, but our scans can find updates that didn’t properly install. That way we (or your IT staff) can resolve the issues before hackers try to use them.

Vulnerability assessments also check for other weaknesses. These scans identify problem devices so that you can isolate or remove them from your secure business network. Then things that may never receive Spectre patches never have a chance to cause you headaches in the future.

Plus vulnerability assessments can help you meet compliance standards, such as GLBA, PCI DSS, and HIPAA/HITECH, which require regular scanning. So vulnerability assessments can help your business with more than just Spectre and Meltdown issues.

 

We’re here to help.

Whatever methods you choose, Astria is ready to assist you in dealing with Spectre and Meltdown. We know cyber-security and can help your business prepare for attacks of many types. Whether you need help starting secure practices or are ready for vulnerability assessments, Astria is here to help you beat new Spectre variants and other cyber threats!