Major Security Flaws Found to Affect Nearly All Computers

Major Security Flaws Found to Affect Nearly All Computers

The vulnerabilities, which were originally believed to only be in Intel chips, affect a variety of chip vendors and could allow hackers to steal the entire memory contents of computers, mobile devices and services running in cloud computer networks.

[UPDATED January 5, 2018, at 9:38 a.m.]

Two major security flaws have been discovered in the microprocessors inside nearly all computers. The vulnerabilities, which were originally believed to only be in Intel chips, affect a variety of chip vendors and could allow hackers to steal the entire memory contents of computers, mobile devices and services running in cloud computer networks.

The two security flaws, called Meltdown and Spectre, allow programs to read and steal data from other programs on a computer. This could include stored passwords from a browser or password manager, personal files, important documents and online communication like emails.

Software patches can help with Meltdown, and Microsoft and Google have already issued emergency patches, though they could slow the performance of devices by as much as 20 to 30 percent.

Spectre, unfortunately, won’t be as simple to resolve. Researchers believe it’s a more difficult flaw to exploit, but it affects most microprocessors now in use, and there is no known fix. Some experts believe it could ultimately warrant a complete redesign of hardware, an expensive task.

“We’re talking about an average, $1,000 per computer versus a free software patch,” said Devon Ackerman, associate managing director of the cybersecurity and investigations practice at risk mitigation firm Kroll. “Basically, I am replacing the entire computer with something that is a newer generation, something that is no longer susceptible to this exploit at a hardware level.”

As a result, Spectre may not be solvable until new chips hit the market. Paul Kocher, the president and chief scientist at Cryptography Research, a division of Rambus, said the threat from Spectre is “going to live with us for decades.”

“This will be a festering problem over hardware life cycles. It’s not going to change tomorrow or the day after,” Kocher said. “It’s going to take a while.”

Both the U.S. Department of Homeland Security and Britain’s National Cyber Security Centre are monitoring the situation with both vulnerabilities but say they have not yet seen evidence that the flaws are being exploited.

Original story below.

A hardware bug may make all computers with Intel Corp. chips from the last decade vulnerable to hackers, according to a report released by The Register on Tuesday. Fixing the bug will require patching at the operation system level.

The circumstances of the security exploit have not been publically released due to security concerns, but the bug is related to the way regular apps and programs can access the contents of protected kernel memory and could be present on Intel processors made in the past 10 years. Hackers could potentially exploit security weaknesses to access security keys, passwords and other files in protected kernel memory.

The fix appears to be to implement Kernel Page Table Isolation, making the kernel essentially invisible to running process. Unfortunately, patching the operating system and updating the security could slow down older machines by between 5 and 30 percent, according to the Register.

The Register’s report said that programmers have been working since November on a software patch that addresses the issue. Linux patches and a partial fix for the bug in macOS have been rolled out, and Microsoft is expected to release a fix soon.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3