Date
22 January 2018
One of the security flaws found in semiconductor chips has been described by a researcher as 'probably one of the worst CPU bugs ever found'. Photo: Bloomberg
One of the security flaws found in semiconductor chips has been described by a researcher as 'probably one of the worst CPU bugs ever found'. Photo: Bloomberg

Chip security flaws put virtually all devices at risk: study

Security researchers have disclosed a pair of security flaws that they say could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM, Reuters reports.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike, the report said, citing a study conducted by researchers with Google’s Project Zero, in conjunction with academic and industry researchers from several nations.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a device’s memory and steal passwords.

The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information, according to the report.

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found”.

In an interview with Reuters, Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches.

Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

According to the report, Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown. 

Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC on Wednesday.

 

Google researchers told Intel of the flaws “a while ago”, he said, adding that Intel had been testing fixes that device makers who use its chips will push out next week.

The flaws were first reported by tech publication The Register. It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly.

Intel denied that the patches would bog down computers based on Intel chips.

“Intel has begun providing software and firmware updates to mitigate these exploits,” the company was quoted as saying in a statement.

“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Reuters quoted an ARM spokesman as saying that patches had already been shared with the companies’ partners, which include many smartphone manufacturers.

– Contact us at [email protected]

RC

EJI Weekly Newsletter

Please click here to unsubscribe