There's a good chance the phone, tablet or computer you use has a computer chip flaw that's opening you up to hackers. The recent announcement of more than a billion devices being susceptible sent 5 On Your Side Investigators into action.
We tracked down a company in our backyard designed to help stop the bad guys.
"It's a different type of flaw than what we usually see," said Alex Hamerstone from TrustedSec in Strongsville. The company helps organizations recognize cyber threats and vulnerabilities.
The newest culprits are flaws called Spectre and Meltdown and they are found in computer chips. “The chip allows a little bit of information to come and go without it being verified,” said Hamerstone.
Those chips are made by the biggest of companies like Intel and researchers have said nearly every computing system is susceptible.
The Software Engineering Institute paid for by our government gave a warning showing huge companies like Apple, Google, and Microsoft are affected. But there is a slight silver-lining said Hamerstone. “This is a really good example of the security community...researchers that are out there finding these vulnerabilities before the bad guys do," Hamerstone told us.
Patches for Meltdown are coming. However, Spectre involves the chip itself. It’s a hardware issue. "If you think about it,” said Hamerstone. “Even with infinite dollars, still just the producing this new equipment or replacing all these chips and all of these things is a huge effort."
Hamerstone went on to say the chips were made with speed in mind which left security a bit weak. "Think about your computer,” he said. “That's what's really important is fast, fast, fast. So, that allows this processing...these things to happen a little bit quicker than maybe most secure."
When that information in the memory of the chip is being transferred, that's when hackers can inject malware or snag your personal info.
So, what can you do? When you get all kinds of operating update messages all the time coming at you, don't ignore them. Take care of them right away. "What's important is when there is an update and there is a patch, it's that it's patching something that's known,” said Hamerstone. “And so, that means that attackers also know about it and are creating malware."
Other advice? Make strong, unique passwords and don't use the same ones for various online accounts. Take the recent LinkedIn hack, for example. "If you took all those usernames and passwords that people were logging in to LinkedIn with, it's very likely that those same usernames and passwords would also work across other sites,” said Hamerstone.
Stay vigilant because Hamerstone predicts now that the flaws are known, hackers will try to take advantage.