ALSO READDetails out! Xiaomi launches Mi A1, an Android One smartphone, at Rs 14,999 Beware! Google collects your location data even when you turn off tracking Alert! Your Android phone shares activity info with Google, apps: Report Google launches Android 'Oreo' Will my smartphone get Google Android Oreo? List of devices that get update
Indian consumers who use older personal computers or smartphones are vulnerable to a design flaw discovered
in Intel chips, despite efforts by technology giants to issue software patches to fix the defect.
Analysts are concerned that these patches may only reach more recent products that are covered by service agreements. Since Indian consumers tend to go in for slightly older products to save on costs, many users may fall out of the realm of service.
“Consumers using the latest software are likely to benefit more from these software updates. Newer PC versions are likely to be promptly updated. Smartphones, again, will be a very tricky business because updates have to be enabled by users and they need to have the bandwidth to download the same,” said N Shah, research director, Counterpoint Research.
Devices manufactured in the past decade would most certainly be affected by the industry-wide design flaw, he added. Retail and financial sectors should take special care to update their systems, he noted. Versions older than Windows 10 and Android 7.0 might not be promptly updated given that traditionally consumers tend to cut corners when it comes to upgrading their systems.
Smartphone updates are usually issued at a firmware level by their manufacturers. So to ensure that a hardware bug is fixed effectively Android software updates may need more than one iteration. Data centres are less likely to be affected by these concerns as these function in more controlled environments. Another area of concern would be enterprise users like retail chains and financial clients, which usually took some time to patch systems in bulk, he added.
The defect identified by a Google security engineer has created nervousness across technology companies globally. “An unauthorised party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications running on these CPUs. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host,” said Matt Linton, senior security engineer, on a Google blog post yesterday.
The kernel-level bugs have been nicknamed Meltdown and Spectre. While the first one is specific to desktop devices, the latter targets a wider selection of devices, including smartphones. Spectre affects chips from Intel, AMD and the Softbank-led ARM. A Symantec adviser said,“Patches have already been released for Windows, macOS, and Linux to patch Meltdown. Spectre is reportedly more difficult to patch, but also more difficult to exploit.” However, the software updates may affect device performance, say experts. These vulnerabilities affect many CPUs, including those from AMD, ARM and Intel, as well as the devices and operating systems running on them. Google has issued a statement ensuring users that all G-suite applications and the Google cloud platform have been updated to prevent “all known attack vectors”.
Apple has confirmed that all its devices are affected by the vulnerability and has released patches. Apple’s smartwatches have not been affected by Meltdown.