Cybersecurity researchers are warning of two major defects in computer chips that leave a vast number of computers and smartphones vulnerable to security concerns.
In emphasizing the scope of the problem, a U.S. government-backed entity is warning that the chips themselves must be replaced in order to satisfactorily fix the problem.
The flaws could give an attacker the ability to read sensitive data stored in a device’s memory such as passwords or allow them to see what tabs a user has opened on their computer, according to researchers.
A cybersecurity researcher from Graz University of Technology, Daniel Gruss, helped identify the flaw. And while he said it may be tough to execute an actual attack, he noted that billions of devices were likely affected.
Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called “speculative execution.” That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.
That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.
Researchers say almost every computing system — desktops, laptops, smartphones, and cloud servers — is affected by the Spectre bug. Meltdown appears to be specific to Intel () chips.
“More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors,” the researchers said. [source]
Information in this article helps satisfy Priority Intelligence Requirement 4: What are the new indicators of systems disruption to the critical infrastructure that could lead to instability? To subscribe to one of our threat intelligence newsletters: Click here.