How the Spectre and Meltdown CPU flaws affect phones and tablets

Intel may have dominated most of the news surrounding the kernel bug in processors, but it’s not just Windows and Macs that are at risk. In addition to Meltdown, there is also a “branch target injection” bug called Spectre that affects mobile ARM processors found in iOS and Android phones, tablets, and other devices that could also expose your data. Here’s everything we know about it so far.

This post has been updated with comments from Apple and Google.

[ Further reading: Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs ]

Wait, now my phone is at risk too?

Kind of. Google’s Project Zero team uncovered the Spectre bug as part of its larger investigation into CPU security and has already taken steps to mitigate the risk. However, even if you have a phone that’s vulnerable, Google notes that “exploitation has been shown to be difficult and limited on the majority of Android devices.”

Additionally, Apple says all iPhones and iPads are affected by Spectre as well, though “they are extremely difficult to exploit.” The company also says the Meltdown bug also affects iOS devices, though mitigations were released last month as part of iOS 11.2.

pixel 2 xl weather widgetAdam Patrick Murray/IDG

Your Google Pixel 2 XL was already patched, as long as you have automatic updates turned on.

Are some phones at higher risk than others?

The overall risk is the same, but newer Android phones are in much better shape than older ones. Google’s latest security patch, which was released in December, “includes mitigations reducing access to high precision timers that limit attacks on all known variants on ARM processors.” That means all Pixel phones have been patched (assuming automatic updates are turned on), as well as Nexus 5X and 6P, as well as the Pixel C tablet.

Apple says Meltdown mitigations have been released for all iPhones running iOS 11.2, and Spectre mitigations are on the way.

How can it be fixed in non-Google phones?

Just like Meltdown, Spectre can only be mitigated via software. Some newer Android phones (such as the Samsung Galaxy S8 and Note 8) have already been updated with the December update, and other manufacturers should start pushing out their own updates within the next few weeks, as well as Apple’s iOS devices. However, many Android phones will likely remain vulnerable.

Leave a Reply

Your email address will not be published. Required fields are marked *