New security flaw in Intel chips could affect millions


  • TECH
  • Wednesday, 15 May 2019

FILE- This Jan. 1, 2018, file photo shows an Intel logo on the box containing an HP desktop computer on sale at a Costco in Pittsburgh. Intel Corp. reports earns on Thursday, April 25, 2019. (AP Photo/Gene J. Puskar, File)

SANTA CLARA, California: Intel has revealed another hardware security flaw that could affects millions of machines around the world. 

The bug is embedded in the architecture of computer hardware, and it can’t be fully fixed.  

“With a large enough data sample, time or control of the target system’s behavior,” the flaw could enable attackers to see data thought to be off-limits, Bryan Jorgensen, Intel’s senior director of product assurance and security, said in a video statement.  

But Intel said Tuesday there’s no evidence of anyone exploiting it outside of a research laboratory. “Doing so successfully in the real world is a complex undertaking,” Jorgensen said. 

It’s the latest revelation of a hard-to-fix vulnerability affecting processors that undergird smartphones and personal computers. Two bugs nicknamed Spectre and Meltdown set a panic in the tech industry last year. 

Intel said it’s already addressed the problem in its newest chips after working for months with business partners and independent researchers. It’s also released code updates to mitigate the risk in older chips, though it can’t be eliminated entirely without switching to newer chips. 

Major tech companies Google, Apple, Amazon and Microsoft all released advisories Tuesday to instruct users of their devices and software, many of which rely on Intel hardware, on how to mitigate the vulnerabilities. 

As companies and individual citizens increasingly sign their digital lives over to “the cloud” – an industry term for banks of servers in remote datacentres – the digital gates and drawbridges keeping millions of people’s data safe have come under increasing scrutiny.  

In many cases, those barriers are located at the level of central processing unit, or CPU – hardware that has traditionally seen little attention from hackers. But last year the processor industry was shaken by news that Spectre and Meltdown could theoretically enable hackers to leapfrog those hardware barriers and steal some of the most securely held data on the computers involved. 

Although security experts have debated the seriousness of the flaws, they are onerous and expensive to patch, and new vulnerabilities are discovered regularly.  

Bogdan Botezatu, director of threat research for security firm Bitdefender, said the latest attack was another reason to question how safe users can really be in the cloud.  

“This is a very, very serious type of attack,” Botezatu said. “This makes me personally very, very sceptical about these hardware barriers set in place by CPU vendors.” 

Intel said it discovered the flaw on its own, but credited Bitdefender, several other security firms and academic researchers for notifying the company about the problem. 

Botezatu said Bitdefender found the flaw because its researchers were increasingly focused on the safety and management of virtual machines, the term for one or more emulated mini-computers that can be spun up inside a larger machine – a key feature of cloud computing. – AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Intel; cybersecurity

   

Next In Tech News

Epic Games opposes Apple's effort to pause antitrust trial orders
Human smugglers using TikTok, other social media to recruit drivers for Texas runs
Amid air quality concerns, US districts embrace electric buses
Opinion: A Facebook rebrand could be a huge risk
Canada competition bureau has court order for Google advertising probe - statement
Canada criticizes proposed U.S. EV tax credit, says could harm auto sector
BMW to phase out fossil-fuel burning engines from main plant by 2024
G7 countries reach breakthrough on digital trade and data
Lyft records more than 4,000 sexual assault cases in long-overdue safety report
GM more than halfway through shipping pickup trucks parked due to lack of chips-exec

Others Also Read


Vouchers