Intel may have dominated most of the news surrounding the kernel bug
in processors, but it’s not just Windows and Macs that are at risk.
In
addition to Meltdown, there is also a “branch target injection” bug
called Spectre that affects mobile ARM processors found in iOS and
Android phones, tablets, and other devices that could also expose your
data. Here’s everything we know about it so far.Wait, now my phone is at risk too?
Kind of. Google’s Project Zero team uncovered the Spectre bug as part
of its larger investigation into CPU security and has already taken
steps to mitigate the risk. However, even if you have a phone that’s
vulnerable, Google notes that “exploitation has been shown to be
difficult and limited on the majority of Android devices.”
Additionally, Apple says all iPhones and iPads are affected by
Spectre as well, though “they are extremely difficult to exploit.” The
company also says the Meltdown bug also affects iOS devices, though
mitigations were released last month as part of iOS 11.2.
Are some phones at higher risk than others?
The overall risk is the same, but newer Android phones are in much
better shape than older ones. Google’s latest security patch, which was
released in December, “includes mitigations reducing access to high
precision timers that limit attacks on all known variants on ARM
processors.” That means all Pixel phones have been patched (assuming
automatic updates are turned on), as well as Nexus 5X and 6P, as well as
the Pixel C tablet.
Apple says Meltdown mitigations have been released for all iPhones running iOS 11.2, and Spectre mitigations are on the way.
How can it be fixed in non-Google phones?
Just like Meltdown, Spectre can only be mitigated via software. Some
newer Android phones (such as certain versions of the Samsung Galaxy S8
and Note 8) have already received Google’s December security update, and
other manufacturers should start pushing out their own updates within
the next few weeks, as well as Apple’s iOS devices. However, many
Android phones will likely remain vulnerable.
What if my phone doesn’t get updates anymore?
A hacker could potentially trick an otherwise safe app on your phone
into handing over your personal info such as passwords and encryption
keys. However, an attacker would need access to your unlocked phone as
Spectre is unlikely to be implemented or triggered remotely.
Additionally, sandboxed JavaScript code can be used to exploit the
vulnerabilities in browsers. Google has updated Chrome and Apple plans
to update Safari in the coming days to mitigate the risk, so all phones
and tablets will be protected.
Is my iPhone affected by the Spectre CPU flaw?
Short answer, yes. Apple says that all iOS devices are affected by
the Spectre bug, and while mitigations will soon be released for Safari,
it has yet to push out any OS-level protections against Spectre.
They’re on the way, though.
Is my iPhone affected by the Meltdown CPU flaw?
Apple says the Meltdown bug also affects iOS devices. iPhones running
iOS 11.2 have received mitigations to protect against possible attacks,
so make sure to update your device.
Will my phone slow down when the updates are issued?
The patch doesn’t appear to have a noticeable effect on performance,
but it’s a much harder to measure than on a phone than it is on a PC.
Google says it has developed a new mitigation called Retpoline
that protects against possible attacks with “negligible impact on
performance.” It has deployed the patch on its own systems and shared it
with industry partners. Additionally, Apple says the updates it has
issued to iOS and Safari “resulted in no measurable reduction in
performance.”
Are the iPad and Apple TV affected?
Yes and yes. iOS 11.2 mitigates the risk of Meltdown on iPads and
tvOS 11.2 does the same for Apple TV. Spectre mitigations are in the
works.
What about Apple Watch?
Apple says Apple Watch is unaffected by Meltdown. Mitigations are on the way to protect against Spectre.
What about my Google Home and WiFi?
Google says these devices are unaffected by the Spectre bug.
No comments:
Post a Comment