Major chip flaws affect billions of devices

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security conce...

Posted: Jan 4, 2018 2:09 PM
Updated: Jan 4, 2018 2:09 PM

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called "speculative execution." That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

Related: The year tech took a dark turn

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system -- desktops, laptops, smartphones, and cloud servers -- is affected by the Spectre bug. Meltdown appears to be specific to Intel chips.

"More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors," the researchers said.

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it's not so far aware of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware."

It said the problems affect technology giants including Apple, Google and Microsoft.

The U.S. Computer Emergency Readiness Team recommended that users read advice posted online by Microsoft and software company Mozilla.

The U.K.'s National Cyber Security Center advised organizations and individuals to "continue to protect their systems from threats by installing patches as soon as they become available."

Google programmer Jann Horn of Project Zero was one of the researchers who discovered the flaws. In a blog post, he said his group alerted chipmakers to the issues in June. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Related: Hackers take advantage of bitcoin's wild ride

Intel chips are found in everything from personal computers to medical equipment. The company's shares were down 3% on Wednesday.

The company said in a press release that "many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits."

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue. ARM said in a statement a small subset of its processors are susceptible to the flaws. AMD said in a statement there is a "near zero risk of exploitation" for one of the security issues, due to architecture differences.

A fix requires both the chip manufacturers and software makers to update their products before pushing it out.

Estimates posted on Linux message boards suggested computer performance could slow down between 5% and 30% once patched, however Intel said users will not see significant performance changes.

Tech website The Register was first to report the processor flaws on Tuesday.

A spokesperson for Microsoft told CNNMoney the company is aware of the issue and is in the process of deploying mitigations to cloud services and has released security updates to protect Windows users.

Related: The hacks that left us exposed in 2017

Google's Cloud Platform has been updated to prevent the vulnerabilities, the company said.

Amazon said in a statement most of its cloud computing machines affected by the flaw are already protected, but it is updating the rest on Wednesday.

Researchers said patches were available for Apple's OS X. The company did not respond to a request for comment.

It's important for all users to update their devices when new updates are released.

Flaws in chips are unusual. Back in 1994, a major error in Intel's Pentium processor caused computers to incorrectly calculate results.

-- Jethro Mullen contributed to this report.

Minnesota Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 21960

Reported Deaths: 908
CountyConfirmedDeaths
Hennepin7421549
Ramsey255198
Stearns195912
Nobles14782
Anoka124156
Dakota116438
Olmsted57010
Washington55329
Kandiyohi4711
Rice3962
Clay38625
Scott3742
Wright2631
Todd2200
Sherburne2172
Mower2061
Carver1822
Benton1672
Steele1440
Martin1265
Blue Earth1191
St. Louis11413
Freeborn970
Pine850
Winona7815
Carlton730
Nicollet716
Cottonwood650
Otter Tail590
Polk592
Watonwan580
Goodhue583
Crow Wing561
Itasca537
Chisago491
Dodge460
Chippewa421
Meeker420
Le Sueur411
Jackson390
Morrison390
Becker370
Lyon360
Murray350
Isanti300
Douglas300
McLeod280
Waseca240
Rock210
Wabasha170
Mille Lacs171
Fillmore171
Swift160
Unassigned159
Pennington140
Brown132
Sibley130
Faribault130
Beltrami120
Wilkin113
Kanabec111
Cass112
Norman110
Pipestone100
Marshall90
Pope80
Wadena80
Aitkin70
Yellow Medicine60
Koochiching60
Renville50
Mahnomen51
Lincoln50
Grant30
Clearwater30
Big Stone30
Red Lake30
Lac qui Parle30
Redwood30
Traverse30
Houston20
Kittson10
Hubbard10
Lake10
Roseau10

Iowa Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 17676

Reported Deaths: 477
CountyConfirmedDeaths
Polk3821112
Woodbury264028
Black Hawk169240
Linn93676
Marshall87511
Dallas86417
Johnson6057
Muscatine54540
Wapello5174
Crawford4872
Tama39824
Scott3419
Louisa3369
Dubuque32316
Jasper25716
Buena Vista2520
Pottawattamie2207
Sioux2040
Washington1848
Wright1240
Plymouth1181
Allamakee1184
Warren1120
Story951
Poweshiek888
Mahaska858
Bremer676
Henry671
Clinton601
Des Moines591
Boone550
Cedar461
Guthrie433
Taylor400
Benton391
Jones360
Monroe354
Clarke350
Iowa330
Osceola320
Shelby310
Clayton313
Buchanan310
Marion300
Webster281
Fayette260
Hamilton250
Madison251
Monona240
Winneshiek230
Cerro Gordo221
Lee210
Davis200
Grundy190
Lyon190
Harrison190
Cherokee180
Floyd181
Jefferson180
Mills160
Delaware150
Butler150
Hancock140
Keokuk140
Greene130
Sac130
Appanoose133
Humboldt130
Ida130
Hardin130
Howard120
Jackson120
Audubon121
Cass110
Clay100
Page100
Winnebago100
Dickinson90
Carroll90
Van Buren90
Chickasaw80
Franklin80
Kossuth80
Emmet70
Adair70
Montgomery60
Union60
Lucas60
Adams50
Ringgold40
Fremont40
Mitchell40
Pocahontas40
Palo Alto30
Worth30
Calhoun20
Unassigned20
Wayne10
Decatur00
Rochester
Overcast
72° wxIcon
Hi: 75° Lo: 61°
Feels Like: 72°
Mason City
Overcast
70° wxIcon
Hi: 76° Lo: 63°
Feels Like: 70°
Albert Lea
Overcast
66° wxIcon
Hi: 73° Lo: 61°
Feels Like: 66°
Austin
Overcast
72° wxIcon
Hi: 76° Lo: 63°
Feels Like: 72°
Charles City
Overcast
70° wxIcon
Hi: 79° Lo: 64°
Feels Like: 70°
spotty pop-up showers and storms for Wednesday & Thursday
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Partnership provides care packages to Rochester families

Image

Channel One serving more people

Image

Sara's Daybreak Forecast - Wednesday

${item.thumbnail.title}

StormTeam 3: Tuesday's Storm Reports

Image

4th of July Celebration Canceled

Image

Man dies while being arrested in Minneapolis

Image

IA Casinos to Reopen

Image

Paycheck Protection Webinar

Image

Mayor Norton signs emergency order to help restaurant and bar owners

Image

Chris' PM Weather Forecast 5/26

Community Events