WEATHER AUTHORITY : Dense Fog Advisory View Alerts

Major chip flaws affect billions of devices

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security conce...

Posted: Jan 4, 2018 2:09 PM
Updated: Jan 4, 2018 2:09 PM

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called "speculative execution." That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

Related: The year tech took a dark turn

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system -- desktops, laptops, smartphones, and cloud servers -- is affected by the Spectre bug. Meltdown appears to be specific to Intel chips.

"More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors," the researchers said.

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it's not so far aware of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware."

It said the problems affect technology giants including Apple, Google and Microsoft.

The U.S. Computer Emergency Readiness Team recommended that users read advice posted online by Microsoft and software company Mozilla.

The U.K.'s National Cyber Security Center advised organizations and individuals to "continue to protect their systems from threats by installing patches as soon as they become available."

Google programmer Jann Horn of Project Zero was one of the researchers who discovered the flaws. In a blog post, he said his group alerted chipmakers to the issues in June. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Related: Hackers take advantage of bitcoin's wild ride

Intel chips are found in everything from personal computers to medical equipment. The company's shares were down 3% on Wednesday.

The company said in a press release that "many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits."

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue. ARM said in a statement a small subset of its processors are susceptible to the flaws. AMD said in a statement there is a "near zero risk of exploitation" for one of the security issues, due to architecture differences.

A fix requires both the chip manufacturers and software makers to update their products before pushing it out.

Estimates posted on Linux message boards suggested computer performance could slow down between 5% and 30% once patched, however Intel said users will not see significant performance changes.

Tech website The Register was first to report the processor flaws on Tuesday.

A spokesperson for Microsoft told CNNMoney the company is aware of the issue and is in the process of deploying mitigations to cloud services and has released security updates to protect Windows users.

Related: The hacks that left us exposed in 2017

Google's Cloud Platform has been updated to prevent the vulnerabilities, the company said.

Amazon said in a statement most of its cloud computing machines affected by the flaw are already protected, but it is updating the rest on Wednesday.

Researchers said patches were available for Apple's OS X. The company did not respond to a request for comment.

It's important for all users to update their devices when new updates are released.

Flaws in chips are unusual. Back in 1994, a major error in Intel's Pentium processor caused computers to incorrectly calculate results.

-- Jethro Mullen contributed to this report.

Mississippi Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 35419

Reported Deaths: 1230
CountyConfirmedDeaths
Hinds290851
DeSoto190019
Madison144638
Jones120349
Harrison113616
Rankin108715
Neshoba104577
Forrest99343
Lauderdale96381
Scott81915
Jackson77519
Washington72213
Copiah65315
Leake63520
Lee61222
Oktibbeha61128
Grenada5949
Warren59421
Holmes58641
Wayne56218
Yazoo5536
Lowndes54813
Lamar5347
Leflore53156
Lincoln52935
Pike49920
Lafayette4974
Sunflower4778
Monroe45635
Panola4486
Covington4355
Bolivar40518
Simpson3933
Attala38424
Newton37510
Tate35213
Adams35120
Pontotoc3466
Marion32712
Claiborne30111
Chickasaw29719
Winston29511
Pearl River28832
Noxubee2788
Jasper2776
Marshall2773
Walthall2627
Clay25811
Union25211
Smith24612
Clarke22325
Coahoma2226
Lawrence2092
Yalobusha2079
Tallahatchie1954
Kemper18414
Carroll18111
Montgomery1713
Calhoun1645
Humphreys16310
Itawamba1468
Tippah14511
Hancock14413
Webster13411
Jefferson1263
Tunica1233
Jefferson Davis1204
Prentiss1204
George1163
Greene11310
Amite1103
Alcorn1002
Quitman991
Wilkinson989
Tishomingo971
Perry874
Choctaw754
Stone742
Franklin542
Sharkey480
Benton460
Issaquena101
Unassigned00

Alabama Coronavirus Cases

Confirmed Cases: 49892

Reported Deaths: 1077
CountyConfirmedDeaths
Jefferson6433170
Mobile4753139
Montgomery4430112
Tuscaloosa263253
Madison21199
Marshall192611
Shelby164225
Lee157237
Morgan12695
Baldwin120711
Walker106131
Elmore102920
Dallas9969
Etowah95114
DeKalb9417
Franklin93216
Autauga67614
Russell6750
Chambers67427
Unassigned65328
Butler65129
Tallapoosa62869
Limestone6223
Houston5857
Cullman5716
Lauderdale5686
St. Clair5133
Colbert4956
Calhoun4905
Lowndes48122
Escambia4808
Pike4725
Coffee4244
Jackson4182
Covington41412
Barbour3942
Dale3911
Talladega3897
Bullock37710
Marengo35211
Hale34823
Chilton3232
Clarke3126
Wilcox3038
Blount2961
Winston2965
Sumter29113
Marion27514
Pickens2696
Randolph2589
Monroe2553
Perry2362
Conecuh2308
Bibb2211
Macon2159
Choctaw21212
Greene1959
Henry1533
Washington1418
Crenshaw1273
Lawrence1250
Cherokee1237
Geneva960
Lamar871
Clay852
Fayette821
Coosa651
Cleburne421
Out of AL00
Tupelo
Clear
75° wxIcon
Hi: 93° Lo: 70°
Feels Like: 75°
Columbus
Broken Clouds
73° wxIcon
Hi: 92° Lo: 70°
Feels Like: 73°
Oxford
Clear
72° wxIcon
Hi: 91° Lo: 68°
Feels Like: 72°
Starkville
Clear
70° wxIcon
Hi: 90° Lo: 67°
Feels Like: 70°
WTVA Radar
WTVA Temperatures
WTVA Severe Weather