Computer chip 'flaw' sparks security debate amid scramble for

A newly discovered vulnerability in computer chips has raised concerns that hackers could access sensitive data on most modern systems, as technology firms sought to play down the security risks.

Chip giant Intel issued a statement responding to a flurry of warnings surfacing after researchers discovered the security hole which could allow privately stored data in computers and networks to be leaked.

Intel labeled as incorrect reports describing a "bug" or "flaw" unique to its products.

Intel chief executive Brian Krzanich told CNBC that "basically all modern processers across all applications" use this process known as "access memory," which was discovered by researchers at Google and kept confidential as companies work on remedies.

Google, meanwhile, released findings from its security researchers who sparked the concerns, saying it made the results public days ahead of schedule because much of the information had been in the media.

The security team found "serious security flaws" in devices powered by Intel, AMD and ARM chips and the operating systems running them and noted that, if exploited, "an unauthorised party may read sensitive information in the system's memory such as passwords, encryption keys, or sensitive information open in applications."

"As soon as we learned of this new class of attack, our security and product development teams mobilised to defend Google's systems and our users' data," Google said in a security blog.

"We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web."

The Google team said the vulnerabilities, labeled "Spectre" and "Meltdown," affected a number of chips from Intel as well as some from AMD and ARM, which specializes in processors for mobile devices.

Intel said it was working with AMD and ARM Holdings and with the makers of computer operating software "to develop an industry-wide approach to resolve this issue promptly and constructively."

"Intel believes these exploits do not have the potential to corrupt, modify or delete data."

Jack Gold, an independent technology analyst, said he was briefed in a conference call with Intel, AMD and ARM on the issue and that the three companies suggested concerns were overblown.

"All the chips are designed that way," Gold said.

"Every modern architecture takes advantage of that design to make things run faster," Gold said.

The companies were working on remedies after "some researchers found a way to use existing architecture and get into protected areas of computer memory and read some of the data," Gold said.

Microsoft said in a statement it had no information suggesting any compromised data.

The company said it is "releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel."

AMD and ARM did not immediately respond to AFP requests for comment.

Earlier this week, some security researchers said any fix - which would need to be handled by software - could slow down computer systems, possibly by 30 percent or more.

Intel's statement said these concerns, too, were exaggerated.

"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company statement said.

Earlier yesterday, Tatu Ylonen, security researcher at SSH Communications Security, noted that the flaw, if exploited, could allow hackers to gain access to private data, including passwords, banking data and encrypted or classified information.

The patch "will be effective" but it will be critical to get all networks and cloud services upgraded, Ylonen said.

"There are thousands of small cloud providers and all of them will need to upgrade," he said.

British security researcher Graham Cluley also expressed concern "that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer's memory which may be storing sensitive information. Think passwords, private keys, credit card data."

Cluley said in a blog post that it was "good news" that the problem had been kept under wraps to allow operating systems such as those from Microsoft and Apple to make security updates before the flaw is maliciously exploited.

"The bad news is that no-one likes to make such low level security updates, particularly under such time-sensitive conditions," Cluley said.

"Inevitably some businesses will find themselves disrupted by the process.

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

Dear Reader,


Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel