Huge security flaws in Intel, AMD, ARM chips expose nearly all computers, phones

Chip Security

The tech world has been thrown into a panic over the discovery that there’s been a flaw in Intel processors which has been around for the past 20 years and affected nearly every one of its chips. The company has gone on the defense since the story broke, claiming that it’s not the only one affected by the problem.

The actual bug is being kept under wraps by Intel and its partners to prevent attackers from taking advantage of it. The firm has been aware of the issue for quite a while now, but chose to keep it a secret up until fixes were ready to be rolled out. This is a standard practice for security flaws in order to prevent hackers from exploiting it.

As per The Register, the problem has something to do with how the kernels in an OS interact with the user side of things. Kernels control the entire operating system and allow apps to connect to core hardware such as the memory and processor as and when required.

However, a flaw could allow these programs to bypass kernel access protections and directly read kernel memory. This is potentially disastrous since an attacker could get their hands on passwords, sensitive files and photos, emails, and security keys. There haven’t been any reports of this happening yet, but it’s worrying that it’s been present for so long on millions upon millions of devices.

Also See: Microsoft, Apple fix KRACK Wi-Fi security exploit; Google working on patch

Linux, Windows and Apple are actively releasing software updates to address the issue, but it seems the patches might slow down the performance of machines by up to 30% since programmers are separating kernel mode from user mode completely. Intel is not denying this, but says that the impact won’t be significant for the average computer user and will mitigate over time.

The severity of the performance hit depends entirely on the workload. Intel’s also asserting that these exploits are not unique to Intel products, pointedly mentioning that it’s working with AMD and ARM to come up with an industry-wide solution.

In the wake of the discovery, Google’s Project Zero and others have published a detailed report on the case. It’s calling the security flaws Meltdown and Spectre. The former breaks down the isolation between apps and the OS to directly access the memory and its secrets, while the latter shatters the isolation between different programs to trick applications into spilling secrets.

Meltdown and Spectre aren’t just affecting Windows, Linux, and macOS-running desktops and laptops, but also smartphones and cloud servers. It’s rare for a bug to affect so many devices at the same time, so it would be best to update to the latest security patches as and when they arrive.