The start of 2018 has been anything but quiet for the cybersecurity industry. Last week, Google Project Zero disclosed vulnerabilities that affect the majority of major microprocessor chips. This defect could allow hackers to gain access to information from both personal computers and cloud computing services.
The recent microprocessor chip vulnerability had gone unnoticed for TWO DECADES.
Thankfully, the average user has little to worry about. They should update software for new patches and consider installing an ad-blocker to help protect against malware-carrying ads designed to exploit the new vulnerabilities.
There may not be much to worry about for this vulnerability, but it exposes a whole other set of reasons to be concerned.
Technology, It’s Everywhere
Digital technology is becoming more and more integrated into the world. Not only is technology in phones and computers, but now it is in places such as cars, smart speakers, and even baby monitors. Technology has exploded in the world around us, it may be time to be concerned about safety.
Protecting conversations and personal identifying information, was not an initial concern in digital technology. But, as it has grown, so has its development.
We’ve begun to sacrifice features like security in order to have speed and memory space. Our everyday lives haven’t always involved computers. Now, as we rely on technology for the majority of our day to day activity, these sacrifices are coming back to haunt us.
You’re More Predictable Than You Think
Most current microprocessors use tricks to get more memory out of a computer program. The most common trick is having the microprocessor predict the next program move and start executing said move before it has been asked. This can be compared to a waiter bringing you a second cup of coffee before you even asked for it.
What if you had decided to switch to tea instead of the coffee? Your waiter then simply dumps the mistaken cup of coffee and makes the tea. Time may have been wasted, but the gained time from anticipation still exceeds the lost time. All’s well that ends, well right? Unfortunately, that is not true.
Maybe for some reason, you didn’t want everyone to know the details that went into the brewing of your coffee. If others observed the waiter brewing your new cup, they could learn a lot (maybe even trade secrets). This information may not have been revealed if the waiter had just waited for your new request instead of jumping the gun, this information may not have been revealed.
When a microprocessor predicts wrongly, they do the same and leave small traces that hackers can exploit.
With so many vulnerabilities, we are seeing an influx of patches to protect computers. Be warned, these fixes are only temporary. These fixes inevitably hinder performance as they require correcting strategies for optimizing performance. Since, the problem is in the hardware and difficult to replace, fixing such a problem is exorbitantly expensive.
Three independent teams discovered the vulnerabilities announced last week. Each team found the same flaw around the same time. Since the flaw has been around for two decades, it could be possible that another less trustworthy team found the flaw earlier and have since exploited it.
A Time for Change
Digital technology must be brought back to basics and be revamped. Companies constantly release patches as “band-aids”. The cybersecurity industry has not made any real changes to prevent a repeat. We are not holding responsible companies accountable for their actions; thus we will continue to sacrifice security.
As technology continues to weave itself into our everyday lives, its crucial to make things more secure. We know software is vulnerable. So why not move security functions to properly audited hardware? Hackers can not touch unreachable parts of the system. Now, it’s more important than ever to sacrifice speed, if it means making our technology more secure.
Computers are built to have high-performance speeds. The installation of “bloatware” on computers is what causes them to slow down. Bloatware is poorly written software that attempts to track online activity. Once we fix these programs, computers should regain speed.
Without such changes, we will continue so witness hack after hack. If bridges constantly collapsed, we wouldn’t just ignore it. Instead, we’d take an in-depth look at construction techniques and hold builders accountable for ignoring proper infrastructure protocols.
Oh wait, the collapse of the 35W bridge in downtown Minneapolis in 2007 sparked such a change in infrastructure.
If we can do this after one incident, why can’t we do the same for the safety and security of our digital technology? Times are changing, so it is crucial that our approach to digital security is too.