Security Breaches Threaten All PCs and Phones
Intel, Advanced Micro Devices (AMD Stock)
Security researchers have uncovered a set of security vulnerabilities that could allow hackers to steal sensitive information from almost any modern computing device equipped with chips from Intel or Advanced Micro Devices (AMD), or with chips based on the ARM Holdings architecture.
One of the vulnerabilities relates specifically to chips made by Intel over the last ten years and another one affects laptops and desktops, smartphones, tablets and internet servers.
But according to Intel and ARM, the flaw is not a design flaw, even though users must download a patch to update their operating system.
"The phones, the PCs, all are concerned, but the impact will vary from product to product," Intel CEO Brian Krzanich said in an interview with CNBC on Wednesday.
The team of computer security experts at Project Zero at Google, a subsidiary of Alphabet, in collaboration with researchers in several countries, discovered two flaws.
The first, called Meltdown, affects Intel chips and allows hackers to bypass the hardware barrier between user-run applications and the computer's memory, potentially exposing passwords, for example. The second, called Spectre, affects Intel, AMD and ARM chips and potentially allows hackers to obtain secret data held in the memory of applications running on the computer.
FIXES AVAILABLE
According to the researchers, Apple and Microsoft already have fixes for desktop users affected by Meltdown. Asked for comment, Microsoft declined to comment and Apple did not immediately respond.
Daniel Gruss, one of the researchers at the Graz University of Technology who discovered Meltdown, said it was "probably one of the worst processor bugs ever identified" in an interview with Reuters.
According to Gruss, Meltdown is the more serious problem in the short term, but it could be corrected effectively through software updates.
The Spectre flaw, however, which affects almost all computing devices, is harder for hackers to exploit, but it is also harder to fix and will remain a serious problem in the long run, he explained.
Brian Krzanich said on CNBC that Google researchers had informed Intel of these flaws some time ago and that the group had tested patches due out next week.
Before the problems were revealed, Google said on its blog that Intel and others intended to disclose them on January 9. Google notified the affected companies of the Spectre flaw on June 1 and reported the Meltdown flaw after the first flaw but before July 28.
PCS SLOWED DOWN
The specialist publication The Register was the first to report the existence of these flaws on Wednesday. It also said that the updates needed to fix the problems could slow computers with Intel chips by 5% to 30%.
But Intel disputes this last statement.
"Intel has started providing software and firmware upgrades to mitigate these flaws," the world's largest manufacturer of PC chips said in a statement. "Contrary to some claims, the impact on performance depends on the workload and, for the average user, it should not be significant and will be mitigated over time," Intel added.
ARM spokesman Phil Hughes said patches had already been shared with partner companies, including many smartphone manufacturers.
"This method only works if some type of malicious code is already running on a device and could at worst result in access to small data from the preferred memory," he said.
AMD chips are also affected by at least one variant of the disclosed security flaws, but it can be corrected by a software update. Intel's competitor believes there is "almost no risk for AMD products at this time."
Google said in a blog post that recently updated Android phones were also protected, including its Nexus and Pixel models. The US group added that no specific action was required for Gmail, but users of Chromebooks, Chrome web browsers, and other Google Cloud services will need to install updates.
Amazon, for its part, has corrected the problem on most of its Internet servers.
Dan Guido, General Manager of Trail of Bits, a computer security consulting company, is calling on companies to quickly update their systems, as he expects hackers to quickly develop malware that can exploit these vulnerabilities.