Intel Acknowledges Chip-Level Security Vulnerability In Processors
Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.
"Several researchers, including a member of Google's Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications," according to CNET.
The discovery comes shortly after the chipmaker said it was working on a patch.
In a statement released Wednesday, Intel acknowledged the problem, saying that it is "working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits."
Wired explains that the bug "allows low-privilege processes to access memory in the computer's kernel, the machine's most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in shortcuts Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone."
According to The Associated Press:
"Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws.
But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel's stock to fall."
The Register reports that "Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December."
The tech site added, "Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products."
However, that is a claim that Intel disputes: "any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company says.
Copyright 2020 NPR. To see more, visit https://www.npr.org.