Major hardware flaws make computers, smartphones a security risk

Share

The security flaws, dubbed Meltdown and Spectre, affect nearly all devices running Intel, ARM and AMD processors, according to the researchers who revealed their findings. He had attempted to read protected kernel data using a quirk of how modern processors keep busy while waiting for slow compute processes to get their data. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Here's a look at what's affected, what's being done about it and whether you should worry. Meltdown specifically targets desktop, laptop and cloud computers and almost all Intel processors since 1995, with some exceptions. While Meltdown is being patched presently, and is substantively easier to exploit than Spectre, there is at present no solution to Spectre other than hardware replacement.

Yesterday (3 January), we reported that Intel processors made in the last decade may have a fundamental design flaw that affects the security of Windows and Linux-based systems.

Computer chipmaking giant Intel - the focus of the first reports on the flaw - said the company and its partners "have made significant progress in deploying updates" to mitigate any threats. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws.

News of the weakness, found past year and reported Tuesday by The Register technology blog, weighed on shares of Intel, the biggest semiconductor maker, while boosting rivals including Advanced Micro Devices.

While speculation about Meltdown was present before the official disclosure, there were few public indications about the Spectre issues, which are potentially significantly more troublesome. Both vulnerabilities can be exploited through Javascript, so short of downloading compromised apps, malicious websites are likely the biggest immediate threat.

Rise Of Perfectionism Among Millennials May Lead To Depression, Eating Disorders
For example, in 1976, about half of high school seniors expected to earn a college degree, compared with 80 percent in 2008. FMI: An abstract of the study can be found on Psychological Bulletin's website , but the full study is behind a paywall.

Shares in rival Advanced Micro Devices Inc climbed 4.9 percent as investors speculated the No. 2 maker of microprocessors would woo customers away from Intel. "It is still too early to tell how many devices or which particular models will be affected most as the security issues were only discovered days ago", Jia said. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. AMD chips are also common in PCs, while ARM chips are found in many smartphones and other internet-connected products, including cars and home appliances.

Google's Project Zero researchers have broken an agreed embargo to lay bare details of a serious CPU vulnerability affecting multiple chipmakers' products and the devices and operating systems running on them.

ARM Holdings said it's working with Intel, AMD and operating system vendors to address the problem. The second also affects AMD and some ARM chips, and means hackers could trick applications into giving up information. Furthermore, process context identifiers (PCID) support enabled on your hardware and kernel would minimize the performance hit.

Apple on Thursday released a statement saying that all of its Mac and iOS devices are affected by the flaws. The widespread attention to this "speculative execution"-style attack is forcing companies to put out patches to protect their consumers".

Advice from the U.S Computer Emergency Readiness Team's was grim. Intel last year said it would spend $7 billion on a USA factory, and it had already started building the facility years ago.

That's not to say nothing can be done. Depending on your computer's age, some OEM might not make these firmware updates available, meaning you'll be stuck with an incomplete Spectre patch. The OS providers are patching the flaws. Mozilla says it's also implementing a short-term mitigation that disables some capabilities of its Firefox browser. Google's Pixel phones will receive it automatically, while owners of other Android devices are at the mercy of their device manufacturers and wireless carriers, which decide when updates are rolled out.

Share