Posts from 2018-01-08

All the passwords in the world will not protect our data now

The only way to fully fix the microchip flaw would be a mass recall of almost every device on the planet

For years, computer experts have given us a baffling list of things we have to do to ensure our most precious data is kept safe: Use passwords with numbers and capital letters; no wait, use longer ones, and don’t forget to come up with different codes for each account. We’re now encouraged to use techniques such as two-factor authentication and fingerprint scanners to ward off hackers, and the companies we trust with our photos and messages go to even greater lengths, employing military-grade security and secrecy around the huge data centres where they are stored.

Last week, we learnt that all this is not enough. A critical flaw in billions of microchips that power everything from our mobile phones to corporate supercomputers has emerged, allowing hackers to gain access to private files when we do something as innocuous as visiting the wrong website. At first, it was believed that the bug covered merely computers using chips designed by American giant Intel and would be solved by a technical update; but it has since emerged that the problem is far more widespread, extending to the devices in our pockets, and not fixed as easily as hoped.

The hack, which takes advantage of the way microchips process instructions from computer programmes, affects computers that date back two decades. Even products made by Apple, which is known for priding itself on security, are vulnerable.

The fact that there are no known examples of cybercriminals exploiting the “Meltdown” and “Spectre” bugs is little consolation. As soon as the existence of the flaws emerged, hackers will have begun working on a way to exploit them. It is possible that such weapons have been in the works for months, since the bugs were first uncovered in June last year.

Although they have been kept under wraps by tight-knit security teams since then, selling this knowledge to the right bidder — a rogue state, for example — could be worth millions.

The last 12 months have seen major cyber attacks mounted with growing frequency, from the “WannaCry” outbreak launched from Pyongyang that crippled parts of the National Health Service in Britain last March, to the hack of Uber’s servers that stole the data of 57 million people. It may be only a matter of time until we see this flaw exploited.

The tech companies we entrust with increasing amounts of data are rushing to introduce software updates. Apple said some of the issues had already been patched, and it would come out with further updates in future.

But, and this is the crucial point, these solutions are mere sticking plasters. The startling, and unprecedented, thing about this bug is that there is almost no way to defend against it. By going to the core of our computers, it renders the defences we have come to trust (passwords, anti-virus programmes, encryption) useless. Follow all expert advice and you are still vulnerable. The only way to fully fix it would be a mass recall of almost every device on the planet.

The microchip companies that sacrificed security for speed are rightly suffering from this outbreak. But the lesson to take is this: The things we store on our computers, that we photograph on our phones or that we send to others, are all potentially compromised. No matter how much we keep up our guard, a digital paper trail exists somewhere, and it can be located with the right tools. It is a trade-off we may be willing to accept for all the benefits that digital technology brings us, but this latest security scare is a wake-up call. It should reset our understanding of what is safe, and more crucially, what is not.