Unfortunately, it’s not always user error that can result in dangerous software or vulnerabilities making it onto your computer. Back in January, we posted about how an issue affecting specific computer hardware chips could lead to you having personal information stolen by malicious software, or malware. Well, it’s time to ensure that your computer is up to date once again, as a new threat is looming on the horizon.
Following the previous risks posed by two vulnerabilities known as 'Spectre' and 'Meltdown', a new problem known as 'Foreshadow' could put millions of devices at risk of having personal details stolen, with hackers gaining access to machines and cloud storage.
As usual, we owe thanks to security researchers for the discovery of this newest security flaw, which affects Intel computer chips, much like the 'Spectre' and 'Meltdown' vulnerabilities that surfaced earlier this year. The new flaw, which has already been named 'Foreshadow' would theoretically allow hackers to pilfer personal data directly from a computer's memory. This could be anything from simple passwords, to sensitive files and embarrassing or personal pictures.
How the exploit works
Foreshadow works by targeting an inherent Intel feature that's known as 'SGX'; this is designed to offer protection to users from attacks called 'speculative execution attacks'. In layman's terms, the SGX feature builds a protective fortress around the user's personal data, placing obstacles between an attacker's 'scout' that is designed to infiltrate and explore the system for information to steal.
However, the Foreshadow vulnerability gets around this protection, allowing this 'scout' access to the protected data. This is achieved by creating a false copy of the protected data within an unprotected location, which is targeted and gathered. What’s more, the malware can create fake imitations of protected storage into which users are encouraged to directly input personal information.
Word from Intel
Intel has said that it began rolling updates out to the operating system software today, which would address the security vulnerability directly. Though there’s no evidence of any instances of this software flaw being used to hack machines, Intel says that this security patching will help to reduce the chance of any attacks occurring. The company is also already working on developing new hardware products that will be more secure and lessen the incidence of flaws such as these.
Protecting your data
Keeping yourself safe is straightforward in this instance; all you need to do is ensure that you’ve downloaded the latest security updates for your computer. If you’ve already got automatic updates enabled, then this should happen automatically. As a rule of thumb, you should always ensure that you download security fixes as and when they become available.
If you’re struggling to work out how updates work, or you’re experiencing problems with your machine already, then WiseGuys can help. We offer support and computer repairs in Bournemouth and Christchurch. You can reach us on the phone by calling 0808 123 2820.