Intel, ARM and AMD chip scare: What you need to know

04.01.2018 | 16:48
Nearly all computers worldwide - and many other devices - have been exposed to security flaws which leave them vulnerable to attacks by hackers.

Researchers discovered gaps in security stemming from central processing units - better known as the chip or microchip - which could allow privately stored data in computers and networks to be hacked.

So far no data breaches have been reported. So is it a big deal and what does it mean for you?

What are the bugs?

There are two separate security flaws, known as Meltdown and Spectre.

Meltdown affects laptops, desktop computers and internet servers with Intel chips.
Spectre potentially has a wider reach. It affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.

Bryan Ma, a senior analyst at technology consultancy IDC, says data centres and devices that connect to the cloud are also at risk.

How big is the problem?

First, let's not panic. The UK's National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited.

But now that it has been made public, there's concern the bugs are discoverable and may be taken advantage of.

The BBC understands the tech industry has known about the issue for at least six months - and that everyone involved, from developers and security experts had signed non-disclosure agreements. The plan, it seems was to try to keep things under wraps until the flaws had been fully dealt with.

Consider the figures for personal computers alone: there are 1.5 billion in use today (desktop and laptop combined) and around 90% are powered by Intel chips, IDC estimates. That means exposure to the Meltdown bug is potentially huge.

What information is at risk?

The bugs allow hackers to potentially read information stored on a computer memory and steal information like passwords or credit card data.

Technology analyst Jake Saunders from ABI Research said it was not exactly clear what information might be at risk, but as the security gaps had been exposed "the question is whether other parties can discover and potentially exploit them".

How do I protect my computer?

Device makers and operating system providers have had time to try to fix this. They are pushing out security updates, or patches, which will protect your computer, tablet or phone against a breach that uses the Meltdown vulnerability. Users should install these updates as soon as they are made available.

Microsoft, Apple and Linux, the three major operating system makers, are all issuing patches.

Apple has not said precisely when patches for earlier versions of macOS will be available, but the latest version, numbered 10.13.2, is safe.

Microsoft released an emergency Meltdown patch for Windows 10 on 4 January, it will subsequently be applied to Windows 7 and 8 machines.

Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update when it comes. Chrome web browser users are expected to receive a patch on 23 January.

Security updates are also in the works for Apple laptops and desktops, though it is not clear whether iPhones and iPads are vulnerable.

Cloud services for businesses, including Amazon Web Services and Google Cloud Platform, say they have already patched most services, and will fix the rest soon.

Spectre is thought to be much harder to patch and no fix for it has yet been made widely available.

Will the fix slow down my computer?

Some researchers have claimed that any fixes could slow down computer systems, possibly by 30%, but Intel believes these claims are exaggerated. It said any performance impacts were "workload-dependent" and the impact for average computer users "should not be significant".

IDC's Mr Ma agreed that for most regular users - who rely on their computer for web browsing and email - the security fixes were unlikely to slow their computer.

How will the tech industry react?

News about the bugs comes at an awkward time for the industry. Next week, CES, the giant consumer electronics trade show, kicks off in Las Vegas.

Many attendees will be wondering how the new products on display will be affected, and marketing materials detailing speed increases will likely have to be revised.

Experts also think that because Meltdown and Spectre reveal fundamental flaws in how computer chips are designed, there will have to be a serious rethink about how such technology is made in the future.

"It's huge in the geek world," wrote computer security researcher Rob Graham on his blog.

"We'll need to redesign operating systems and how CPUs [central processing units] are made."
Intel, ARM, AMD, chip, security flaws
Source BBC News

Comments (1)
  1. Added COMPOSITE HACKS 18.01.2018 | 05:18★COMPOSITE HACKS★

    If Truly you Are In Need Of A LEGIT PROFESSIONAL HACKER Who Will Get Your Job Done Efficiently With Swift Response, Congratulations, You Have Met the Right HACKERS.

    ★ WHO ARE COMPOSITE HACKS???
    • We are a Team Of Professional HACKERS , a product of the coming together of Legit Hackers from the Dark-Web (pentaguard, CyberBerkut, White Hack and Black Hat,) we have been existing for over 12years, our system is a very strong and decentralized command structure that operates on ideas and directives.

    ★ JOB GUARANTEE:
     • Frankly speaking, I always give a 100% guarantee on any job we are been asked to do, because we have always been successful in Almost all our jobs for over 12years and our clients can testify to that.
    The Problem we are Facing right now is that there are so many fake Hackers here online who are claiming what they are not, just to eat innocent people's money and Run away, But its only the SMART People that would be able to distinguish between these enormous Fake Hackers and the Few LEGIT HACKERS. I could remember there was a time i started hacking their emails and shutting it down, but at a point i observed that these scam hackers are enormous, how many of them am i gonna hack? I had to Leave them and Face my Job.
    - COMPOSITE HACKS is One of the Leading Hack Teams in the United States With so Many Awards from the IT Companies.


    ★ OUR HACKING CAPABILITIES:
    We Offer Varieties Of LEGIT Hacking Services With the Help Of Our Root HackTools, Special HackTools and Our Technical Hacking Strategies.
    - Below is a List Of Services we Render Often:
    ★Penetration Testing
    ★ Phishing
    ★ Jail Breaking.
    ★ Phone Hack: Giving you access to the Target's Call Log, messages, chats and all social media Apps .
    ★Retrieval Of Lost Files
    ★ Location Tracking.
    ★ Clearing Of Criminal Records.
    ★ Hacking Of Server, Database And website e.g Facebook, twitter, Instagram Snapchat etc

    ★ SOME OTHER SPECIAL SERVICES WE OFFER:
    ★ Bank Accounts Loading ( Only USA Banks)
    ★ Credit Cards Loading (Only USA CC's)
    ★ One Vanilla Cards Loading ($100 cards and above)
    ★ Sales Of HACKED/PROGRAMMED ATM Cards & CC's ( For All Countries.)

    ★ You can also contact us for other Cyber Attacks And Hijackings, we do almost All.

    ★Contact Us for Your Desired Service Via: compositehacks@gmail.com

    ★Our Website : www.compositehacks.blogspot.com

    ★We Treat Every Request With Utmost Confidentiality★
Leave comment:CaptchaRefresh verification code