Archive for iOS

Spectre and Meltdown – What They Mean for You

Modern computers contain processors (CPUs) which do the heavy calculations that make your device work – the better the CPU, the faster your device. These computer chips are used in devices made by computer manufacturers all over the world, as well as Microsoft, Apple, Google and are in servers everywhere.

‘Spectre’ and ‘Meltdown’

Severe design flaws were recently discovered in CPUs, and these vulnerabilities were called ‘Spectre’ and ‘Meltdown’. Essentially these vulnerabilities can allow hackers to take advantage of the fact that whilst it is not being fully used, modern CPUs can do something called ‘speculative execution’. This is a techy way of saying that they take notice of what tasks you do often, and try to do those tasks for you in the background and store the data for you, so that it is quicker for you then next time you choose to do that task.

It’s a bit like going to the same coffee shop every day and one day you find that they have your cup ready for you. Except in this case instead of coffee its data – at times very important data – and that’s the problem. This data is held in something called a ‘cache’ and just sits there until it is told to clear itself.

The ‘Spectre’ vulnerability allows attackers to trick the processor into performing these speculative operations and ‘Meltdown’ can collect the data that is created. To date there have been no reports of attacks but as this has been known in the IT community for a while it is only a matter of time, especially given the fact that these vulnerabilities exist in CPUs made over very many years – so there are plenty of them to attack.

It is serious enough that CPU makers and makers of Operating Systems are rushing to get security fixes out to users. Intel are issuing updates for their processors to fix the vulnerability and AMD are working on a patch. Microsoft have issued updates for Windows 7, 8.1 and 10, with Apple have released updates for iOS11.2, MacOS 10.13.2 and tvOS 11.2. Google, Amazon etc. are also looking at the issue.

What does it actually mean for you?

The fixes that are being issued make changes to the way CPUs speed up your work – in effect the fixes are putting the brakes on the CPU to an extent and potentially reducing its performance. Some people may see a minimal impact but some may see a significant slowdown in the performance of their device after the fixes have been applied.

At the present time, it is believed that Windows 10 with newer CPUs will see a negligible impact but with older CPUs there may be a noticeable decrease in performance. Most noticeable decrease in performance are Windows 7 and 8 machines with older CPUs and according to Microsoft, fixes for Windows Servers will have a “significant impact” on performance after the updates.

It may be that over time, these updates may be refined and the impact may be reduced, but for the time being if you see a marked decrease in the performance of your device, it may well be that fixes for CPU flaws are causing it or contributing to it.

Whilst it may be unwelcome news, it is vital that you do keep all your updates current, no matter what device you are using.

If you would like help please call us on 01455 209505.

Ransomware comes to iOS

iOS Ransomware scam

For some time now, Windows users have been targeted by criminals who effectively lock their computers and extort money from them – using malicious software called Ransomware. Much of the time, the scammers display messages pretending to be from law enforcement, alleging user access to pornography, etc. and users generally cannot remove these messages unless they pay.

Mobile Safari flaw

Unfortunately, a flaw in Apple’s Mobile Safari browser brought this problem to iOS users. Malicious code on some websites forced the browser to constantly display a message telling people that Safari could not open a page because it was “invalid” and that it was caused by viewing illegal pornography.

What the scammers did was to exploit a flaw relating to pop-up windows using Javascript, which allowed them to constantly display their ransom message by creating a pop-up window loop – effectively making Safari unusable.

Users were told to email an address for unlocking instructions, or forcing them to buy an iTunes gift card to pay a fine.

How to fix this flaw

Due to the nature of what the scammers were alleging, many users did not ask for help, which is a pity as the message could be removed by going into device settings and clearing the browser’s cache, or going into ‘Airplane mode’ and closing the tab – things which the scammers knew most users would not be aware of.

This flaw has been present for some time, but has now been fixed in the 10.3 iOS release this week, amongst other fixes and tweaks to the operating system.

As with all iOS releases, there are pluses and minuses when upgrading, but Ransomware is just one good reason to upgrade today.