Report: Intel chips have major security flaws, billions of devices affected

A woman passes an Intel logo at a trade fair in Hanover, northern Germany on March 20. On Wednesday, researchers said Intel chips have two major security flaws. Photo by Focke Strangmann/EPA

Jan. 4 (UPI) — Billions of devices might be at risk after researchers found two security flaws inside Intel chips that allow hackers to enter processors and steal sensitive data.

Intel chips have been installed in devices since 1995 and the researchers said every device now contains those security flaws. But the flaws aren’t limited to personal devices. Cloud providers like Amazon Web Services, Microsoft Azure and Google Cloud Platform may also be affected.

The two bugs are called Meltdown and Spectre, with the latter being potentially more widespread.

“Almost every system is affected by Spectre,” researchers said in a report. “Desktops, laptops, cloud servers, as well as smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD and ARM processors.”

Meltdown may affect desktop, laptop and cloud computers.

“More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995, except Intel Itanium and Intel Atom before 2013.”

The researchers said they successfully tested Meltdown on Intel processor generations released as early as 2011.

“Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown,” they said.

The main difference between the two bugs is that Meltdown “breaks the mechanism that keeps applications from accessing arbitrary system memory,” while Spectre “tricks other applications into accessing arbitrary locations in their memory.”

After researchers released their assessment of the bugs, Intel issued a statement that the security flaw is not unique to their chips.

“Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits,” Intel said.

Intel advised people with Intel chips in their devices to contact their operating system vendor or system manufacturer and apply any available updates.

Daniel Gruss, a security researcher who discovered the Meltdown bug, told ZDNet that any data can be accessed through the security flaws.

They are “going to haunt us for years,” he said.

LEAVE A REPLY

Please enter your comment!
Please enter your name here