Many individuals take for granted the high speed their devices operate at. Especially at Choate, where technology is present in nearly every facet of our lives, devices meet our demands at seemingly instant rates. However, this comes with certain costs: The mechanisms that permit high speed operation make devices susceptible to security breaches.Many individuals take for granted the high speed their devices operate at. Especially at Choate, where technology is present in nearly every facet of our lives, devices meet our demands at seemingly instant rates. However, this comes with certain costs: The mechanisms that permit high speed operation make devices susceptible to security breaches.
Shortly after break, the community received an alarming email from Information and Technology Services (ITS), warning about Meltdown and Spectre. Meltdown and Spectre are security vulnerabilities that nearly all iPhone, iPad, and computer processors have. More specifically, Meltdown refers to issues with Intel processors, while Spectre applies to almost all processors.
A member of ITS, Manager of Infrastructure Mr. Tom Hulley, explained the sources of these vulnerabilities in greater detail. Many processors have a local memory capacity, designed to promote high speed operation of a device. These local memory reserves preload memory from the hard drive or the regular computer memory, anticipating its use. For instance, when one is working on his or her device, such as writing a paper or scrolling through a bank account, that information is stored in the local memory to speed up those processes. Overall, this makes using the device much quicker. However, since information is stored in these local memory reserves, it becomes much more susceptible to security breaches. In a nutshell, Mr. Hulley said, “It’s a design flaw.” However, he assured that still “there are not that many programs or websites out there taking advantage of it.”
Mr. Hulley expressed the concerns he has for the Choate community in the context of Meltdown and Spectre: “We don’t want your information getting out; even if it’s just a term paper, you don’t want anything exposed.” As the School holds student information, such as addresses and names, ITS is doing everything necessary to prevent any information exploits from affecting the community. In addition, Mr. Hulley also commented on the financial information that the School holds. The School Store, for example, processes credit cards and debit cards, and it is essential to prevent any of that information from being released. As a side note, although there is certain information at a high risk, no social security numbers are stored on campus.
Mr. Andrew Speyer, the Director of Information and Technology Services, added that another concern surrounding Meltdown and Spectre is ransomware, which is a software that takes over a device and refuses to release data without pay. In addition, if a personal computer is hacked, it could be used to invade Choate’s network.
Several students responded to the measures ITS has taken, specifically to the email Mr. Speyer sent to the community. Claire Gussler ’19 commented, “I was concerned about my security and acted quickly.”
CiCi Curran ’20 said, “I personally didn’t know much about it, but as soon as I saw it I was nervous. If it can reveal my personal information and banking info, that’s a big deal. That said, I trust ITS and think they’ve got a handle on it. But for the time being I’m being careful with my information and computers.”Other students were less worried. Regarding the email that Mr. Speyer sent out, Jack Fiala ’19 said, “I just ignored it.”
To lessen the chance that Meltdown and Spectre affect the Choate community, ITS strongly encourages all users to update their devices, regardless of whether they are personal or school owned. Mr. Hulley commented on the reasoning behind these requests: “All the manufacturers — Microsoft, Apple, Google — they’re all updating their software to prevent this. The sooner everybody updates their devices, the sooner they’re protected from the exploits that we know will be coming down the road.” Mr. Hulley added that updates are beneficial regardless of any imminent threats: “It’s always a good idea to keep your software current because there are security updates not only for these flaws, but those that come out all the time.” Aside from updating devices regularly, there are many other ways in which the community can maintain its security. Mr. Hulley advised students to refrain from using websites that aren’t reputable. Lastly, he warned of fake updates, which ITS actively tries to prevent. According to Hulley, “We try to train our faculty and staff on what’s real and what’s not.”
ITS has taken several measures itself to prevent security vulnerabilities, such as updating all of its internal systems; each time a system’s manufacturer releases a security update, ITS is quick to install it. ITS also continues to update its firewall daily and has updated its servers. Furthermore, it assists members of the community who are uncomfortable updating their devices by themselves. Lastly, ITS has been actively updating computers in laboratories across campus.
Mr. Hulley assured, “It’s good that this came out before there were a lot of exploits.” ITS plans to continue working on its end to ensure maximum protection. In addition, it hopes that students recognize the urgency in acting to prevent future issues.
