Spectre and Meltdown Highlight Online Banking and Digital Gold Risks
– Critical hardware flaw breaks basic security: risks to online banking & digital assets
– Nearly all computers worldwide, smartphones and other devices – exposed to major security risk
– Two separate security flaws identified in devices powered by Intel, ARM and AMD chips
– Vulnerability known about for six months by tech insiders
– Cyber crime represents the biggest transfer of economic wealth in history
– Cyber crime damage costs to hit $6 trillion annually by 2021
– All digital assets and information at risk
– Crypto currencies, digital assets including gold exposed
– Physical gold’s benefits highlighted
Editor: Mark O’Byrne
The Spectre and Meltdown double whammy this week underlines the increasing risks in the global computing infrastructure and our online banking and digital asset world of banking and finance.
On Wednesday, came news that anyone who uses a computer, smartphone, tablet etc has been introduced to the concept of ‘hacked hardware’. Two separate security flaws, named ‘Meltdown’ and ‘Spectre’ have been identified in devices powered by Intel, ARM and AMD chips. The flaws make pretty much any device hackable.
Not only are our ‘things’ affected but data centres and devices that connect to the cloud are also at risk.
The problem was identified by Google engineers and has been known about for approximately six months. Whilst no attacks taking advantage of these security flaws have yet been identified, we are talking about an unprecedented number of computers, devices, people and companies, including banks, being exposed.
The BBC estimates that ‘for personal computers alone: there are 1.5 billion in use today (desktop and laptop combined) and around 90% are powered by Intel chips, IDC estimates. That means exposure to the Meltdown bug is potentially huge.’
Meltdown affects laptops, desktop computers and internet servers with Intel chips. However, Spectre is an arguably bigger threat. It affects chips powered by Intel, ARM and AMD. in smartphones, tablets and computers.
Why is this a big deal?
The weaknesses leave any device with affected chips vulnerable to both hacking and slowdown in performance. The flaw could give cyberattackers unauthorized access to sensitive data.
This is scary as for years users have been used to warnings by the tech industry that there are security holes in software. These are regularly taken advantage of by hackers. But we are now exposed to a flaw in hardware. Hardware troubles are arguably much harder to fix and newer impossible to replace given their extensive presence around the world.
Scott Borg, director of the U.S. Cyber Consequences Unit, is most concerned about hardware vulnerabilities over software ones. He sees the biggest threat in industry.
Borg recently spoke at Stanford University and explained the shift in hackers’ mentality:
“Initially,” he said, “[hackers] focused on operations control, monitoring different locations from a central site. Then they moved to process control, including programmable logic controllers and local networks. Then they migrated to embedded devices and the ability to control individual pieces of equipment…You can imagine countless attacks manipulating physical things,”
Why are hackers turning to hardware over software? Surely software has a greater reach? No, argues Borg. The decision to move to hardware is purely economic. Stock manipulation is a key way cyberattackers can take advantage of a hardware malfunction.
“There is a limit to how much you can steal from credit card fraud; there is no limit to how much you can make in taking a position in a market and making something happen,” Borg says. “You can short a company’s stock in a highly leveraged way, then attack the company in a way that makes stock fall, reinvest on the way down, and multiply your investment hundreds of times. This is a big growth area for cybercrime; it has been done multiple times already, but it is really just starting to get under way. This is going to be a huge area for cybercriminals.”
Previously individuals were worried about the clicking on a dodgy link or downloading an unknown file. Worst case we believed was credit card or identity fraud. Now, we’re looking at elements of our portfolio being attacked – imagine if you have shares affected by this latest round of news regarding chip security.
We are also, very seriously, facing an attack on our homes.
Nowhere is safe
This Christmas showed the smart home had arrived. Sales of Amazon’s Alexa and Google’s Echo made headlines as families realised they could have a smart home for just $500. The total spend on Internet of Things products and services was expected to reach $2 trillion by the end of last month.
Gadgets such as wearables and smart fridges make our busy lives more productive. They’re supposed to free up time for us to do ‘fun’ things but they arguably just create space for more tasks we create for ourselves, one of those being securing our home from hackers.
By the end of 2017 there were expected to be 8.4 billion internet-enabled devices in use, increasing to 20.4 billion by the end of 2020. This all sounds great but its a goldmine for hackers.
Which? carried out a series of tests in a ‘smart home’ last year. Eight out of the fifteen devices were found to have security vulnerabilities.
We can even be taken in by freebies. In 2006 McDonald’s Japan put their customers at major financial risk just by giving them a free mp3 player. Popular Science explains:
In late summer of 2006, the Japanese division of McDonald’s decided to run a new promotion. When customers ordered a Coca-Cola soft drink, they would receive a cup with a code. If they entered that code on a designated website and were among 10,000 lucky winners, they would receive an MP3 player pre-loaded with 10 songs.
Cleverly constructed, the promotion seemed destined for success. Who doesn’t like a Coke and a free MP3 player? But there was one problem the marketers at McDonald’s could not anticipate: In addition to 10 free songs, the music players contained QQPass malware. The moment winners plugged their players into a computer, the Trojan horse slipped undetected into their system and began logging keystrokes, collecting passwords, and gathering personal data for later transmission.
This is just one example but a good one of how easy it is for us to be affected by vulnerable hardware. These microchips that are under threat are in our fridges, our cars, our phone, planes and even missiles.