Security flaws have been discovered in computer chips from companies including Intel, AMD and ARM Holdings that could leak secret information to hackers.
The two flaws, named Meltdown and Spectre, were discovered by security researchers in Alphabet’s Google Project Zero. The flaws are thought to affect nearly every single computer device made since 1995, including Apple and Microsoft products.
Chip problem one: Spectre
The Spectre flaw was first discovered by the researchers in 2017, with Google reportedly informing the affected companies about Spectre on 1 June. This chip problem could allow hackers to trick applications into giving up secret information. This includes things such as passwords and login keys.
Spectre affects chips developed by AMD, ARM, and Intel.
Chip problem two: Meltdown
The second flaw, Meltdown, affects only chips designed by Intel. This flaw lets hackers bypass the hardware barrier installed between applications and a computer’s memory. This is an issue because it could allow hackers to read a computer’s memory and steal passwords.
One of the researchers from Graz University of Technology who discovered the flaw, Daniel Gruss, told Reuters it was “probably one of the worst CPU [central processing unit] bugs ever found.”
This flaw was reported to Intel after 1 June 2017 but before 28 July 2017.
What are the companies doing about it?
Intel has said it was working on a patch update to the flaws. It also said it was looking to disclose it next week. Google also backed this up, saying Intel and other companies were planning to disclose the chip problems on 9 January 2018.
In a statement, the company said:
“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively.
“Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
In addition, Intel also said it believes the flaws “do not have the potential to corrupt, modify or delete data.”
Linux and Microsoft have reportedly developed patches for their products affected by the chip problem. Microsoft’s patch was released yesterday.
Apple has responded to the issue saying that the most recent OS updates for its Mac computers, iPhones, iPads and Apple TVs protect its customers against the Meltdown flaw. It will be releasing a patch for the Spectre flaw, that will affect its Safari web browsers, in the coming days.
Google says the majority of its Android phones, with the most recent security updates, will be fine.
As well, Amazon Web Services has said its servers are already patched or in the process of being patched.
Should I be worried?
Whilst the chip flaws can sound terrifying, according to the UK’s National Cyber Security Centre, there is no evidence of any malicious exploitations being produced for the major platforms.
“The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available,” said a spokesperson.
If anyone should be worried, it’s Intel. The company was the biggest chip maker in the world for 24 years until Samsung recently toppled it. The Register, which broke the story, says the bug is present in modern Intel processors produced in the past decade. That’s a lot of chips affected.
The company’s chief executive, Brian Krzanich, is also being regarded with scrutiny after he sold off a large chunk of his shares in the firm.
An SEC filing from last November shows Krzanich sold off over 600,000 shares. This is notable as it occurred after Intel knew about the security flaws.
Intel’s shares fell slightly yesterday from $46.21 to $43.65. They have since recovered to $45.26.,