Meltdown & Spectre: Here's How to Keep Your iPhone or Android Phone Secure
You may have seen news reports over the last two days detailing a major security flaw in virtually all smartphones. The devices that are at risk are not limited to either iPhone or Android — all of us are affected. If you want to make sure your smartphone and its data stay secure, there are a few steps you can take.The two vulnerabilities at play here are called Meltdown and Spectre, and they're due to flaws in a very common mechanism used by processors. So a wide variety of electronic devices are at risk, and it doesn't matter what operating system you're running. What's important, however, is that you remain vigilant.
Meltdown & Spectre ExplainedDuring speculative execution, which is a mechanism many processors use to anticipate upcoming actions and speed up performance, the chips access multiple memory points at once to retrieve the proper resources.While this in itself is no cause for concern, researchers find that, occasionally, the act of speculative execution leaves data that should be protected open to potential access by intruders. In short, it's a hardware security issue, not software.However, since the code from all of your apps is filtered through your phone's processor, software is at the core of this issue. While no actual hacks using Spectre or Meltdown are known to exist for either iOS or Android at this point, if and when one is eventually created, it will use software to exploit the weaknesses in your processor's speculative execution mechanism.Since you can't update your device's hardware without buying a new phone, the best way to protect yourself against these threats is by keeping a tight rein on the apps and software that run on your phone.
The State of Meltdown & Spectre on iOSApple was quick to issue a statement on the issue, which goes over how Meltdown and Spectre function. While the company admits all iPhones are affected, it claims no known attacks or exploits exist at this time.The company states it issued mitigations for Meltdown with the release of iOS 11.2, however, an update to address Spectre is on its way. (Update: Spectre patch was issued in iOS 11.2.2.)Still, the company warns users to be vigilant. They caution users to only download apps from the official App Store, as the biggest threat appears to come from malicious applications.Don't Miss: 24 iOS 11 Privacy Security Settings You Should Check Right Now
The State of Meltdown & Spectre on AndroidAndroid, unlike iOS, services many smartphones made by a variety of manufacturers. While Google develops Android, it's also up to each OEM to stay on top of updates.Interestingly enough, it was Google who made the chip flaw discovery in the first place. The company planned to announce the security issue alongside Intel next week, but were forced to address it this week after reports surfaced.We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web. These efforts have included collaborative analysis and the development of novel mitigations.Google claims that ARM-based Android devices with the latest security patches are protected. ARM released an official statement as well, which claims that the majority of ARM-designed processors are not at risk, only a handful are.However, in the affected category is the Cortex A73. These cores power the Snapdragon 835, which is featured in many of 2017's Android flagships, including the Galaxy S8, S8+, Note 8, OnePlus 5 and 5T, Google Pixel 2 and Pixel 2 XL, and so many more. The same can be said for many of 2015's flagship Snapdragon 810 devices, which use Cortex A57 cores.Don't Miss: Android Security 101 — Guides to Help Keep Your Phone Safe
What You Can Do About ItNow that you know where things stand with your phone and these speculative execution exploits, there are a few best practices you can use to keep yourself safe. True, these are mostly common sense, but as long as you follow these instructions, you'll be as safe as you can be.
1. Accept All Security Patches & UpdatesThe most important thing anyone with a smartphone can do right now is keep their device fully updated. Your phone's OEM will be rushing to issue security patches now that these vulnerabilities have been discovered, and, according to the U.S. Computer Emergency Readiness Team, updating your software is your best defense against these chip flaws.Apple just released an update to the iOS 11.2.5 beta yesterday, while the company seeded the latest public update, 11.2.1, Dec. 13. While these updates do not explicitly address any of the discovered chip flaws, they do feature the latest security patches and bug fixes Apple has to offer.While Android does not share the same uniformity as iOS, Google claims its latest security patch covers ARM-based processor vulnerabilities. OEMs and carriers regularly release security patches, such as Wednesday's AT&T's S7 and S7 Edge patch, or T-Mobile's Note 8 patch last month. However, neither of these updates contain fixes for Meltdown and Spectre — it's the January 2018 security patches you need to look out for.Another issue here is that Spectre or Meltdown exploits aren't known to exist for mobile devices yet. This means that any security patches aiming to protect against these threats are mostly preemptive. Going forward, we may see mobile-targeted exploits using Spectre or Meltdown — if this happens, phone makers will likely need to issue another security patch to block that specific exploit.Bottom line, make sure your device is running the latest firmware it can. It's the best way to protect yourself, so take some time each day to check for updates.
2. Be Careful Which Apps You InstallIf a Spectre or Meltdown exploit is created that can actually hack a smartphone, chances are, it'll come in the form of an app. Since the security flaw is in your processor, and all apps are filtered through your processor as they run, it just takes one with the proper code to execute the exploit.Apple has recommended that iPhone users do not sideload apps — in other words, only install apps from the App Store, where Apple has had a chance to review their code. Of course, you have to go out of your way to sideload an app on iOS, so most users shouldn't have a problem here.The situation on Android is similar, but it's a lot easier to sideload apps on Google's OS, and there are a lot more unofficial app stores out there. No matter what you do, don't install random APKs you find on the internet — this is where most Android malware originates. Instead, only install apps from the Google Play Store, and even then, it would be a good idea to install an antivirus scanner to be extra safe.On either operating system, you should still be cautious when installing apps from your phone's official app store. Take time to read reviews and check into the app's developer — if there's anything fishy, resist temptation and don't install the app.
3. What to Do with Older DevicesThe sad fact is OEMs abandon products after a certain amount of time. If you are using a smartphone that no longer receives updates, you are leaving yourself open to vulnerabilities, both with the chip flaws as well as any others discovered.The best way to protect yourself is to buy a smartphone that is still supported by the manufacturer. Better yet, buy one designed with security in mind. Short of that, if you're running Android, you may want to look into installing a custom ROM, which is a community-built version of Android, typically with the latest security patches applied.Another thing to consider when shopping for Android phones is the OEM's track record with updates. If you don't want to find yourself in a similar situation in the future where your fairly-new phone isn't getting important updates to block security threats like these, you'll want to buy from a manufacture that's known for keeping their devices updated. To get a good sense for this, we recommend reading our list of phones that are receiving the latest Android update this year.Don't Miss: The 4 Best Phones for Privacy & SecurityFollow Gadget Hacks on Facebook, Twitter, YouTube, and Flipboard Follow WonderHowTo on Facebook, Twitter, Pinterest, and Flipboard
Cover image by MKBHD/YouTube
If Outlook won't let you send an attachment because it exceeds some limit, adjust the Outlook attachment size limit. Updated to include Outlook 2019.
Maximum email size limit for Gmail, Outlook.com, etc
RELATED: Google's Best Hidden Games and "Easter Eggs" How to Play Google's Hidden Text Adventure Game. Triggering this easter egg isn't quite as simple as some of the others, which makes sense since text adventure games aren't exactly known for being easy. Start by Googling for "text adventure" using Google Chrome.
Google Easter Egg Games: Hidden Games In the Search Box
How to Block and Unblock Facebook Applications. How to stop an application from getting your, info, sending you gifts, inviting you to join, etc. (i.e. FarmVille, mafiawars, yoville, etc).
How to Unblock Someone on Facebook - wikiHow
However, if you prefer the light look, the other option for Android 9 and lower is to "Set by Battery Saver." When chosen, your phone will turn on the dark theme on the calculator app when battery saver is enabled. This allows you to use the preferred look but let you stretch the battery a bit when at a lower battery percentage.
How to Enable the Hidden 'Night Mode' Setting on Android 7.0
But there are times when a surprise is the last thing you want, like reaching into your pocket to find that your Samsung Galaxy S3 is not where it should be. Having your phone stolen used to be the end of the story, but as technology continues to improve, our ability to locate and secure our smartphones does as well.
How to track and control Samsung Galaxy devices remotely
One downside to iOS 11's awesome built-in QR code scanner in the Camera app is its only been live for a short while. In its short life, there has already been a security vulnerability discovered that was an issue for at least the last 4.5 months, but Apple has finally patched this weakness with its iOS 11.3.1 update.
Coinbase 101: How to Add a PayPal Account to Get Your Cash
How To: Add Every Volume Slider to Android's Notification Tray How To: Get a True "Silent Mode" on Android Lollipop How To: Easily Adjust Sound Levels on Android (Even with Broken Volume Buttons) How To: The Fastest Way to Change an App's Notification Settings in Android Lollipop
How to Block Notifications from Any App in Android
How To: Download Any Video On Google Chrome! What's up, in this video I am going to be showing you how to download any video on Google Chrome using an extension. This extension doesn't work for
Download Video on Chrome with These 5 Free Online Video
Automatically Kill Battery-Draining Background Services on
9. Create a collection of saved posts. In addition to being able to view all of the posts you've liked, Instagram also has an option to save or bookmark certain posts in collections that you create. Start by going to your profile, and tapping the bookmark icon on the top-right menu above your photos.
How to view photos I've previously liked on Instagram from my
How To Add Links To Instagram Stories In The Latest App Update Want your followers to be able to explore your story on a more in depth level? Adding a link directs users to related content
How to Add Links in Instagram Story - YouTube
Over time, the Desktop becomes cluttered and you will find that you won't be able to find the files you want so quickly now as your desktop is now overwhelmed with files, folders and icons. If you're a Mac user, there may be a number of tools that can help you keep your desktop organized. One of these is Desktop Groups.
How to Organize Your Computer Desktop | Reader's Digest
Sennheiser HD 598 Cs -- $100 (Amazon) In a gold box deal on Black Friday, Amazon has the Sennheiser HD 598 Cs closed back headphone (list price of $250) on sale for $99.95 while supplies last.
The best Black Friday phone deals of 2018: iPhone XS, Samsung
How to Hide the Navigation Bar & Enable Gestures on Your
0 comments:
Post a Comment