Can this “unhackable” processor be hacked?
Researchers from the University of Michigan claim to have invented an unhackable processor. The team designed a computer processor called Morpheus, which can change its microarchitecture every few hundred milliseconds, making it almost impossible to hack. How does this new technology work? And should hackers start packing their suitcases and looking for another occupation?
What do we know about Morpheus?
If you take any program, it will almost definitely have smaller or bigger bugs that can be exploited by hackers. Since computer hardware runs software and is responsible for all background processes, Morpheus can protect software running on its hardware.
Morpheus turns the system into a puzzle by encrypting pointers — references to locations in memory. The processor is always changing itself and it’s never the same, so hackers don’t have time to break the encryption. There’s a time limit after which the algorithms change and criminals are left with nothing.
In 2020, almost 600 cybersecurity professionals spent 13,000 hours trying to hack Morpheus, but they all failed.
Can Morpheus be hacked?
Morpheus can stop side channel attacks like the infamous Spectre and Meltdown, and can prevent hackers from injecting malicious code into your machine. However, it’s incapable of stopping attacks that target your web server. What kind of attacks is Morpheus unable to stop?
- SQL injection. If a website or an application is not properly protected, hackers can sneak malicious code into the system and execute commands. Then they can steal the whole database, spoof identities, or become administrators on a server.
- SSL stripping. This is a type of man-in-the-middle attack which downgrades your connection from https to http. A hacker then establishes an https connection with the server and an http connection with a user, acting as a “middle man”. One of the most common ways to launch an SSL stripping attack is to create a fake Wi-Fi hotspot.
- Spear phishing is an attack on a particular individual or organization. Criminals research their targets well, so they can find the best way to approach them. Usually, they send a legitimate looking email with a malicious link or attachment, which could compromise your accounts and lead to data theft.
How can criminals hack you?
While Morpheus is a powerful technology, users running devices with this new hardware can still get in trouble online. If you download malware on your laptop by accident, connect to a malicious hotspot, and roam the internet without common sense, even the most powerful processor won’t save you.
And don’t forget data breaches. In 2019, 15.1 billion records were exposed worldwide, and many companies failed to protect their users’ data. If you use the same password for all accounts and it’s published on a hacking forum, Morpheus won’t offer much protection.
Technologies evolve, but so does cybercrime. Online attacks are getting more sophisticated and you can never be sure when or how you’ll become a victim. However, there are a couple of things you can do to mitigate the risk of getting hacked in the first place.
Tips to protect yourself online
- Update your software on time. While Morpheus could stop hackers from exploiting security vulnerabilities, as for now it’s a good idea to update your software on time. Otherwise, a bug that has been patched a while ago can be exploited to hack you.
- Use strong passwords. Always use uppercase and lowercase letters, combined with special characters and numbers to create unique passwords. Since it’s hard to remember multiple passwords, get yourself a password manager like NordPass to help you with this task.
- Don’t click on suspicious links or attachments. Phishing is one of the most common methods used to infect devices with malware and steal sensitive information. Thoroughly examine every email and text message you receive, even from contacts you know. Don’t follow links from unknown senders.
- Enable two-factor authentication (2FA). While protecting your account with a unique password is important, 2FA adds an extra step into the login process, as you have to authenticate yourself via app, SMS, or a token.
- Use a VPN. A virtual private network encrypts your data and masks your IP address, enhancing your security and privacy. It’s especially important to enable a VPN when connecting to public networks. With one NordVPN account, you can protect up to 10 devices: laptops, routers, smartphones, tablets, and even your Android TV. NordVPN also has the Threat Protection Pro feature. It helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.