Major computer chip security flaws affect billions of devices

News

In Ultra Modern Electronic Manufacturing Factory Design Engineer in Sterile Coverall Holds Microchip with Gloves and Examines it.

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called “speculative execution.” That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system — desktops, laptops, smartphones, and cloud servers — is affected by the Spectre bug. Meltdown appears to be specific to Intel chips.

“More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors,” the researchers said.

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws “could allow an attacker to obtain access to sensitive information,” it’s not so far aware of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that “fully removing the vulnerability requires replacing vulnerable [processor] hardware.”

It said the problems affect technology giants including Apple, Google and Microsoft.

The U.S. Computer Emergency Readiness Team recommended that users read advice posted online by Microsoft and software company Mozilla.

The U.K.’s National Cyber Security Center advised organizations and individuals to “continue to protect their systems from threats by installing patches as soon as they become available.”

Google programmer Jann Horn of Project Zero was one of the researchers who discovered the flaws. In a blog post, he said his group alerted chipmakers to the issues in June. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Intel chips are found in everything from personal computers to medical equipment. The company’s shares were down 3% on Wednesday.

The company said in a press release that “many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue. ARM said in a statement a small subset of its processors are susceptible to the flaws. AMD said in a statement there is a “near zero risk of exploitation” for one of the security issues, due to architecture differences.

A fix requires both the chip manufacturers and software makers to update their products before pushing it out.

Estimates posted on Linux message boards suggested computer performance could slow down between 5% and 30% once patched, however Intel said users will not see significant performance changes.

Tech website The Register was first to report the processor flaws on Tuesday.

A spokesperson for Microsoft told CNNMoney the company is aware of the issue and is in the process of deploying mitigations to cloud services and has released security updates to protect Windows users.

Google’s Cloud Platform has been updated to prevent the vulnerabilities, the company said.

Amazon said in a statement most of its cloud computing machines affected by the flaw are already protected, but it is updating the rest on Wednesday.

Researchers said patches were available for Apple’s OS X. The company did not respond to a request for comment.

It’s important for all users to update their devices when new updates are released.

Flaws in chips are unusual. Back in 1994, a major error in Intel’s Pentium processor caused computers to incorrectly calculate results.

Trademark and Copyright 2021 Cable News Network, Inc., a Time Warner Company. All rights reserved.

About FOX 2 News

FOX 2 and KPLR 11 in St. Louis cover the news in Missouri and Illinois. There are over 68 hours of live news and local programming on-air each week. Our website and live video streams operate 24/7. Download our apps for alerts and follow us on social media for updates in your feed.

President Harry Truman said: “It is amazing what you can accomplish if you do not care who gets the credit.” That spirit is alive and well at Fox 2. Our teamwork is on display each and every day.

Our news slogan is: “Coverage You Can Count On.” We quite frankly are too busy to worry about who gets the credit. Our main concern is serving the viewer.

We go where the stories take us. Whether it be Washington, D.C when a Belleville man opened fire during a congressional baseball game practice or to Puerto Rico where local Ameren crews restored power after more than 5 months in the dark.

Coverage You Can Count On means “Waking up your Day” with our top-rated morning show. From 4:00 am-10:00 am we are leading the way with breaking news. But our early morning crew also knows how to have some fun! Our strong commitment to the communities we serve is highlighted with our Friday neighborhood shows.

Our investigative unit consists of three reporters. Elliott Davis focuses on government waste, Chris Hayes is our investigative reporter, and Mike Colombo is our consumer reporter. They work in unison with the news department by sharing resources and ideas.

We continue to cover breaking news aggressively and relied on our seasoned journalists to make a difference with the stories we covered. The shooting of Arnold Police Officer Ryan O’Connor is just one example of that. Jasmine Huda was the only reporter who had exclusive access to the O’Connor family during his amazing rehabilitation in Colorado.

Last, but certainly not least, FOX 2 and KPLR 11 are committed to covering local politics. We host debates among candidates and have the most extensive presidential election coverage. Our commitment to politics isn’t just during an election year. We produce two political shows that air every weekend.

Popular

Latest News

More News