Chip design flaw bigger than first thought – billions of Intel and AMD-powered devices are vulnerable to hackers

Thursday, January 11, 2018 by

Researchers from Project Zero, a team of security analysts under Google, have uncovered two computer chip security flaws that could potentially impact millions. Known as Meltdown and Spectre, these exploits first came to light in early 2018 but were already the subject of speculation in late 2017. According to the DailyMail.co.uk,, they only recently became public after they were covered in a news report, forcing companies such as Intel to admit the existence of these flaws.

Although both Meltdown and Spectre affect microprocessor hardware, they’re two very different things. Meltdown can potentially allow hackers to access a computer’s kernel memory, the portion of an operating system that takes care of memory, disk, and process and task management. Gaining entry to this area means obtaining all data, including but not limited to passwords. Intel processors, certain ARM system on a chip (SoC) processors, and Apple’s A series processors are all vulnerable to Meltdown.

Daniel Gruss, a researcher from the Graz University of Technology and one of the people who discovered Meltdown, has described it as “probably one of the worst CPU bugs ever found.” Software patches can stop Meltdown, but it can cause severe problems in the short term. Moreover, Gruss’ colleague Michael Schwarz was able to demonstrate how Meltdown could be easily used to steal passwords.

On the other hand, Spectre has a broader reach since it can affect nearly every modern processor, like those used in smartphones, car systems, smart TVs, and even baby monitors. As long as these devices have been equipped with chips from Intel, ARM, and AMD, hackers could fool them into releasing sensitive information by executing instructions. Some experts have stated that taking advantage of Spectre is said to be more difficult, but patching the issues is easier said than done. (Related: Fatal security flaw discovered in software that controls U.S. power plants.)

The affected companies were allegedly informed about the security flaws last year. Google has come forward to state that it reported Meltdown before July 28, 2017, while Spectre was revealed much earlier. The company added that Intel, AMD, and, ARM had planned on disclosing these problems on Jan. 9 of this year.

As per AndroidCentral.com, only very old computers, phones, and tablets are safe from these exploits. However, various companies have taken the necessary steps to protect their operating systems. Google, in particular, has patched Android and Chromebooks, and have released a new security feature named Site Isolation for Chrome OS devices. Microsoft and Apple have patched Meltdown and Spectre, while patches for Linux operating systems like Ubuntu and Red Hat are available through software updates.

How to protect yourself

Following these safe practices can provide an extra layer of protection against Spectre and Meltdown, both of which can affect devices through the installation of malware.

  • Use web browsers that block malware — Any web browser that defends against web-based malware is ideal. Make it a point to check your installed extensions as well to see if they pose any possible security risks.
  • Be wary of any links you’re sent — Ensure that your web browser is trusted and secured before you click on any links sent your way, even if they’re from people you know. Be extra cautious of any redirect links that hide site URLs.
  • Only download and install software from trusted sources — This is a must, especially if you’re looking for a patch.

Visit CyberWar.news to read up on more tips and tricks on keeping your computers and smartphones safe from harm.

Sources include:

DailyMail.co.uk

AndroidCentral.com



Comments

comments powered by Disqus

×
Please Like our Facebook Page
Show us your support by liking our page!
Close This Box