Saul Gravy/Getty Images
While technology is supposed to make our life easier — online shopping and banking, hailing an Uber with the tap of a screen, or video chatting with the kids and grandkids — we’re sometimes reminded there are downsides to the Information Age.
Recent news that a security flaw in the processing chips affecting nearly all of the computer devices and gadgets most of us use daily was a reminder of our vulnerability to hackers who could steal information, including passwords and other sensitive data.
In a blog post published on Jan. 3, a Google security team announced discovery of two related flaws — they called them Meltdown and Spectre — affecting almost all modern-day CPUs (central processing units), including those from Intel, Arm and AMD, and all operating systems and devices running them.
The discovery meant they found that virtually all smartphones, tablets, laptops and desktop computers — whether they’re running Microsoft Windows, macOS, Android, or iOS (iPhone, iPad) — are at risk.
What’s being done
Since then, all the major chipmakers have issued updates to many of their CPUs, whether for our consumer devices or corporate-server computers. Intel says it has fixed about 90 percent of its CPUs from the last five years, while AMD and Arm also are rolling out updates (even though both claim not all their processors were affected).
Operating systems also are being updated. Google — which owns Android, the world’s most popular smartphone operating system — says it already has applied updates. Computers that run Google Chrome OS (Chromebooks) also have been fixed.
Microsoft says it has pushed out an update to Windows 10 to address this processor vulnerability, with other versions of Windows to follow by mid-January.
Apple says it, too, released “patches” for its iOS, macOS and tvOS devices (Apple TV). Apple says its watchOS that powers Apple Watch is not affected.
What you can do now
- If you don’t already, allow your computers, phones and tablets to automatically install software updates as they are released. To manually update, go to the About section of your device, in Settings, to see if there are any system updates available.
- Always have good anti-malware (malicious software) installed on your devices. Security software will prevent unauthorized access, keep out viruses and warn you of installing something suspicious.
- Never tap or click on an email, text message or pop-up message from a company that asks you to confirm personal or financial information – even if it looks legit. It’s likely bogus. Your bank, financial institution or credible online payment service — such as PayPal — will never ask for sensitive information via email or text message.
- Hang up on anyone who calls you and says they are from Microsoft or an IT department, have detected a problem and need you to follow some instructions to fix it. It’s a scam.
What you can do always
- Have good passwords for all your online activity. A good password is at least seven characters long and a combination of letters, numbers and symbols. When logging into web services, opt for two-step authentication — which means you'll need not only your password to access your online account but also a one-time code sent to your mobile phone — to confirm it's really you.
- On your mobile device, be sure to log on with a PIN code, password, pattern or biometrics login (such as your fingertip or iris scan). This way, a lost or stolen phone won’t reveal your personal information because a thief won’t be able to log in.
- Be cautious with public Wi-Fi. Airports, hotels and coffee shops offer free wireless Internet, but these hot spots are sometimes a target for cyberthieves out to steal your data. Good anti-malware can detect and stop an intruder, but err on the side of caution: Stick to basic tasks — like reading the news or streaming music or video.
- Back up important files regularly. Options include a free cloud service (like OneDrive, Dropbox, iCloud or Google Drive), external hard drive, USB thumb drive, or recordable CD. As long as you do something, you’ll minimize the damage if you are hit with a virus or scam, or a lost, stolen or damaged device.