Almost all phones, computers at risk from Meltdown and Spectre flaws

Last Updated: Thu, Jan 04, 2018 16:09 hrs
Apple

Security experts have revealed two major security flaws in microprocessors, which could allow hackers to steal information from all computing devices runnings on chips made by Intel Corp, Advanced Micro Devices (AMD) Inc and ARM Holdings.

The first flaw, codenamed 'Meltdown', affects only devices powered by Intel processors. The other, Spectre, can hit computers, smartphones, tablets and internet servers powered not just by Intel, but by AMD and ARM too.

The flaws could allow hackers to read sensitive stored information - like passwords or credit card data - and steal it too.

There could be a patch for Meltdown. It, though, according to tech Website The Register which broke the story, will cause Intel chips to become 5%-30% slower.

A site dedicated to the Meltdown and Spectre threat explained that "Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches".

The only foolproof solution for Spectre is a drastic one - getting your CPU changed, something the CERT Division of Carnegie Mellon University's Software Engineering Institute underlined. But that sadly is not the whole truth. Since all CPUs are currently incapable of preventing Spectre, even this solution is not the real deal at the moment.

CERT published a list of affected vendors.

Google, whose researcher Jaan Horn was among those who discovered the flaws, says that Android phones that run the latest security updates will be protected. Gmail users will remain safe, while users of its Chromebooks, Chrome web browser and many of its Google Cloud services will need to install updates. But

New York Times reporter Nicolas Perlroth explained the flaws in detail in a twitter thread, where he observed, "Christmas didn't come for the computer security industry this year. A critical design flaw in virtually all microprocessors allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server etc."

"Phones, PCs, everything are going to have some impact, but it'll vary from product to product," Intel CEO Brian Krzanich confirmed in a CNBC interview on Wednesday afternoon.

Krzanich came under fire when it emerged that he had sold $24 million in Intel stock on November 29 and held back just the mandatory 250000 shares at a time when Intel knew of the vulnerabilities, but the wider world did not.

Intel earlier drew criticism from The Register for its reluctance to comment on the issue despite repeated attempts. The tech website, however, commended AMD and ARM ("doubly so") for responding with info.

Linux founder Linus Trovalds also was scathing in his criticism for Intel:



More from Sify: