New Brunswick

Chip flaws could affect every New Brunswicker with a computer

The two flaws, called “Meltdown” and “Spectre,” could leave important information stored on computers available to hackers.

And no, Mac users, you're not immune this time

Two flaws found in computer chips will have a major impact on consumers and businesses. (Douglas C. Pizac/Associated Press)

Two computer flaws disclosed this week could conceivably affect any New Brunswicker with an electronic device.

The two flaws, titled "Meltdown" and "Spectre" could leave important information stored on computers vulnerable to exploits from hackers.

David Shipley, the CEO and co-founder of Beauceron Security Inc., said the flaws, and the effort to patch them, could mean a drop in productivity for business.

"All this time that the IT teams are going to be patching devices, checking this out, doing this work … will result in potentially billions of dollars in productivity losses," Shipley said.  

What are 'Meltdown' and 'Spectre?'

Shipley describes Meltdown as a con that could allow hackers to enter a computer's "bank vault," where passwords and account credentials are hidden away from programs.

Shipley compares Spectre to pickpocketing. The flaw allows hackers to take info from programs that shouldn't be visible outside that program.

Unlike other popular flaws like Heartbleed, this flaw is not a software issue. It's a flaw in the physical chips used in computers, smartphones and other electronic devices and could make the devices unsecure.

Since it isn't a software issue, no matter what operating system a computer runs, the flaw can still be exploited. Even traditionally exploit-resistant operating systems, like Apple's iOS, are vulnerable. 

Imperfect solutions

David Shipley, the CEO and co-founder of Beauceron Security Inc., says a patch, while necessary for each flaw, will create slowdown issues. (CBC)

But the remedy is the same as with software flaws — a patch. But Shipley said a patch on a physical flaw brings unique issues.

"Any patch they do is a kluge," he said. "It's going to be layered on top and it's going to cause problems.

"It's going to cause things like slowdowns on machines."

Shipley said some devices could see a 30 per cent slowdown because of the patch.

He said it will take a few weeks, or even months, before hackers can create viruses and malware to take advantage of the flaws, but the delay emphasizes a double-edged sword.

"As complex as it is to exploit, it's complex to defend against," said Shipley.

Extended, expensive problem

Shipley said that unlike software vulnerabilities, the physical flaws will continue to be a problem for years to come.

"The only way to really fix the problem is to replace the microprocessors in billions of devices," he said.

"So it's not going to happen overnight."

This could mean big headaches for not only consumers but businesses as well. Especially those in the tech sector, or computer-intensive industries.

"They're going to have to patch a lot of devices," Shipley said. "They're going to have to check their software against this."

With files from Harry Forestell and CBC News at 6