Are you at risk of being HACKED? Computer chip flaw that will ‘haunt us for years’ exposed
A COMPUTER chip flaw that will “haunt us for years” has been exposed as technology firms scramble to find a solution.
Getty
Daniel Gruss, a researcher who helped to compile a report that details the issue, stated that “an attacker might be able to steal any data on the system”.
He added that the attacks are “going to haunt us for years”.
The weakness, discovered by Google researchers, found two vulnerabilities named “Meltdown” and “Spectre” that are present on “many modern processors” including chips made by Intel, Advanced Micro Devices (AMD) and ARM.
This allows hackers to steal data from the memory of a device - this could include passwords, emails, photos, and documents, according to the paper.
Related articles
It reads: “We have discovered that CPU data cache timing can be abused to efficiently leak information out of misspeculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
“Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01.”
A document accompanying the research paper added: "Meltdown is not only limited to reading kernel memory but it is capable of reading the entire physical memory of the target machine.”
The biggest cyber-attacks, hacks and data breaches
Sat, May 13, 2017From viruses to data breaches, cyber-crime is far from a modern invention - here is Express.co.uk's list of some of the biggest attacks in history.
14 of the biggest cyber-attacks, hacks and data breaches in history
Another declared: “Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.”
Operating systems running on Intel processors are susceptible to the flaw - this includes Windows, macOS and Linux.
Chips are responsible for handling vital information - hackers could grab the slew of data when a processor temporarily makes it accessible outside of the chip.
Following the reveal of the vital compromise, technology companies unanimously issued statements in an attempt to calm public fears.
Intel said: “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively.
“Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available.”
AMD added: "The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."
Getty
Microsoft stated that since being informed of the flaw it has been “working closely with chip manufacturers to develop and test mitigations to protect our customers” and is “in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities."
The researchers created a “Questions and Answers” segment on their website that details the differences between the two flaws.
It reads: “There are patches against Meltdown for Linux ( KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.
Getty
“Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).
“Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.”
