Major chip flaws affect billions of devices

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security conce...

Posted: Jan 4, 2018 2:09 PM
Updated: Jan 4, 2018 2:09 PM

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called "speculative execution." That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

Related: The year tech took a dark turn

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system -- desktops, laptops, smartphones, and cloud servers -- is affected by the Spectre bug. Meltdown appears to be specific to Intel chips.

"More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors," the researchers said.

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it's not so far aware of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware."

It said the problems affect technology giants including Apple, Google and Microsoft.

The U.S. Computer Emergency Readiness Team recommended that users read advice posted online by Microsoft and software company Mozilla.

The U.K.'s National Cyber Security Center advised organizations and individuals to "continue to protect their systems from threats by installing patches as soon as they become available."

Google programmer Jann Horn of Project Zero was one of the researchers who discovered the flaws. In a blog post, he said his group alerted chipmakers to the issues in June. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Related: Hackers take advantage of bitcoin's wild ride

Intel chips are found in everything from personal computers to medical equipment. The company's shares were down 3% on Wednesday.

The company said in a press release that "many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits."

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue. ARM said in a statement a small subset of its processors are susceptible to the flaws. AMD said in a statement there is a "near zero risk of exploitation" for one of the security issues, due to architecture differences.

A fix requires both the chip manufacturers and software makers to update their products before pushing it out.

Estimates posted on Linux message boards suggested computer performance could slow down between 5% and 30% once patched, however Intel said users will not see significant performance changes.

Tech website The Register was first to report the processor flaws on Tuesday.

A spokesperson for Microsoft told CNNMoney the company is aware of the issue and is in the process of deploying mitigations to cloud services and has released security updates to protect Windows users.

Related: The hacks that left us exposed in 2017

Google's Cloud Platform has been updated to prevent the vulnerabilities, the company said.

Amazon said in a statement most of its cloud computing machines affected by the flaw are already protected, but it is updating the rest on Wednesday.

Researchers said patches were available for Apple's OS X. The company did not respond to a request for comment.

It's important for all users to update their devices when new updates are released.

Flaws in chips are unusual. Back in 1994, a major error in Intel's Pentium processor caused computers to incorrectly calculate results.

-- Jethro Mullen contributed to this report.

Huntsville
Few Clouds
79° wxIcon
Hi: 92° Lo: 65°
Feels Like: 82°
Florence
Clear
79° wxIcon
Hi: 93° Lo: 67°
Feels Like: 82°
Fayetteville
Clear
75° wxIcon
Hi: 92° Lo: 65°
Feels Like: 75°
Decatur
Clear
75° wxIcon
Hi: 91° Lo: 65°
Feels Like: 75°
Scottsboro
Broken Clouds
77° wxIcon
Hi: 93° Lo: 68°
Feels Like: 78°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 49892

Reported Deaths: 1077
CountyConfirmedDeaths
Jefferson6030162
Mobile4418137
Montgomery4339109
Tuscaloosa254448
Madison19078
Marshall186611
Shelby150924
Lee149437
Morgan12205
Baldwin111410
Walker105127
Elmore98919
Dallas9639
Franklin92216
Etowah88214
DeKalb8416
Chambers65727
Russell6570
Autauga65313
Butler64328
Tallapoosa61669
Unassigned58626
Limestone5741
Houston5526
Cullman5395
Lauderdale5376
Lowndes48022
St. Clair4692
Colbert4656
Pike4595
Escambia4528
Calhoun4365
Coffee4074
Covington39911
Jackson3742
Bullock37010
Barbour3672
Dale3621
Talladega3497
Hale33722
Marengo33011
Wilcox2968
Clarke2946
Winston2893
Chilton2872
Sumter28512
Blount2731
Pickens2556
Monroe2492
Marion24514
Randolph2449
Conecuh2277
Perry2091
Bibb2081
Macon2069
Choctaw20212
Greene1928
Henry1433
Crenshaw1273
Washington1277
Lawrence1170
Cherokee1127
Geneva920
Lamar811
Fayette781
Clay742
Coosa621
Cleburne411
Out of AL00

Tennessee Coronavirus Cases

Confirmed Cases: 57591

Reported Deaths: 710
CountyConfirmedDeaths
Shelby12842214
Davidson12549138
Rutherford332638
Hamilton308837
Sumner180256
Williamson159115
Trousdale15055
Knox14719
Out of TN125610
Wilson109917
Putnam9897
Bradley8894
Robertson88213
Sevier8633
Unassigned8372
Lake6970
Tipton6746
Montgomery6587
Bledsoe6251
Bedford5959
Macon5466
Hamblen4224
Maury4203
Hardeman3814
Fayette3463
Madison3402
Loudon3081
Rhea2940
Blount2803
Dyer2743
McMinn25718
Cheatham2522
Dickson2430
Washington2120
Lawrence2026
Cumberland1964
Anderson1782
Sullivan1782
Lauderdale1723
Gibson1581
Jefferson1571
Monroe1466
Smith1392
Coffee1340
Cocke1260
Greene1232
Hardin1207
Obion1182
Haywood1112
Warren1060
Franklin1043
Marshall1042
Wayne990
Hickman980
McNairy911
Marion904
Giles801
Lincoln800
White803
Hawkins792
Carter771
DeKalb760
Roane750
Weakley691
Overton681
Campbell651
Grundy652
Henderson620
Claiborne610
Unicoi560
Chester530
Carroll511
Polk510
Grainger500
Crockett483
Henry480
Cannon450
Johnson440
Sequatchie430
Jackson410
Humphreys382
Meigs350
Perry350
Morgan291
Decatur280
Stewart260
Fentress250
Scott220
Union200
Houston190
Clay180
Moore170
Benton151
Hancock100
Lewis100
Pickett70
Van Buren70

 

 

Community Events