The security vulnerabilities which have even made the mainstream media this week involved ways of malicious software leveraging how modern, optimised chipsets work in order to gain access to information from other programs on the same phone/computer/tablet. But 'Don't panic!' has never been more appropriate since the chances of anyone breaching your privacy on any phone, let along a Windows device, is vanishingly small.
Let's start with the ARM processors used in the most popular Windows-based smartphones of the last few years. ARM chips are much less vulnerable to Meltdown and Spectre, happily (most of the problems are on the desktop, with Intel chipsets) - in fact, only a handful of the top end ARM-designed processors are affected at all, as ARM itself says and as my table below demonstrates:
|Most used chipsets||Used in||Contains||Vulnerable* to Spectre
and side-channel attacks?
|Snapdragon 210/212||Lumia 650, Wileyfox Pro||4 x Cortex A7||No|
|Snapdragon 400||Lumia 640, 640 XL, 735, 830||4 x Cortex A7
& 2 x Krait 300
|Snapdragon 800||Lumia 930, 1520||4 x Krait 400||No?|
|Snapdragon 808||Lumia 950||
2 x Cortex A57
& 4 x Cortex A53
|Snapdragon 810||Lumia 950 XL||
4 x Cortex A57
& 4 x Cortex A53
|Snapdragon 820||Alcatel IDOL 4S/4 Pro
& HP Elite x3
|4 x Kryo||No?|
* Theoretically vulnerable, at least - the chances of happening to stumble on malware in the Microsoft Store that had somehow slipped through the net AND of the phone having not been already offered the January 2018 security patches is almost zero. [Update] I've added the '?' against some entries because, as you'll see in the comments below, there's some uncertainty as to how much Qualcomm changed the ARM reference designs when it came out with the Krait and Kryo variants. Only Qualcomm knows whether these chips are technically vulnerable and it's not saying (yet)!
So nothing to worry about on the whole then. The only Cortex chip to be affected that's used by any Windows 10 Mobile phone is the A57 and the OS itself has been patched for all to stop exploits.
One element of concern in the press was the effects of OS patching across the board to eliminate speculative execution, i.e. our computers, tablets and phones would slow down. I did do some testing on my phones before and after the recent patches, with inconclusive results. Here's a typical set, taken from the lowly Wileyfox Pro*:
|Fastest times||Before Jan 2018 security patch||After the patch|
|Store opening with all graphics loaded||10.6||10.5s|
|News opening with all graphics loaded||8.3||8.4|
|Planning route in Maps from Reading to Aberdeen||15.6||15.0|
* I guess it would have made most sense to do this on the stated 'vulnerable' 950 XL, but in my haste to apply the patch to that I clean forgot to benchmark anything. Oh well. Anecdotally, I've hammered the 950 XL today and I can't notice any slowdown beyond its normal UI speed.
From looking around the tech world, it seems that patching for Meltdown and Spectre has different impact on performance depending on platform and load, as you'd expect. A server which is already running at 90% load might be hit in a big way, with 20% performance drop, for example**, but an end user computer or phone, with the chipsets only used to a fraction of their potential most of the time and with bottlenecks on SSD speed, card access, RAM and bandwidth, then any performance hit from the new 'safer' OS code is negligible.
Especially under Windows 10 Mobile.
** Some sites have been running benchmark utilities on various platforms, but these are demonstrably unrepresentative of a user's experience.
PS. If anyone reading this has an old 950 or 950 XL in a drawer that hasn't been patched with the January update yet then please do time a few operations before and afterwards and comment below. Data points welcome!