Intel chip flaw: Huge bug makes nearly any computer vulnerable to hacking

The problem affects everything from the smallest phone to the largest web infrastructure

Andrew Griffin
Thursday 04 January 2018 09:39
Comments
Intel chip flaw: The problem affecting everything from the smallest phone to the largest web infrastructure

Almost any computer could be vulnerable to a huge new computer bug.

Researchers have found a flaw in the very core of computer chips that mean almost any recent device could be insecure and give up the sensitive information it is securing. The bug could affect everything from the phone in your pocket to the servers that help send it information.

If exploited, the problem would allow hackers into some of the most sensitive parts of important computers, giving access to people's most personal information. That could be done on almost any device, including phones, laptops and the machines that power the cloud devices that store much of the world's information.

The flaw was revealed yesterday, after having been kept secret by the Google engineers who found it, but its impact was unclear. Now it has emerged that the bug could affect nearly any computer made over the last 20 years – and that fixing it could cause significant disruption across the world.

The two bugs are known as Spectre and Meltdown. Spectre can't easily be fixed, and will need computer chips themselves to be re-designed and made secure; Meltdown can be patched up through an update, but could slow computers down by as much as 30 per cent.

Companies including Amazon said they were in the process of issuing fixes for their web services and devices. "This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices," it wrote, noting that most of its infrastructure had now been made safe.

But older computers might be harder to update. For many devices – especially those running Android – updates are few and far between, since phone makers are often slow to allow their customers to download new updates.

Google's Project Zero team said Wednesday that the flaw could allow bad actors to gather passwords and other sensitive data from a system's memory.

The tech company disclosed the vulnerability not long after Intel said it's working to patch it. Intel says the average computer user won't experience significant slowdowns as it's fixed.

Both Intel and Google said they were planning to disclose the issue next week when fixes will be available. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws. But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel's stock to fall.

Google says it also affects other processors and the devices and operating systems running them.

Although Intel cited rival AMD as among the companies it's working with to address the problem, AMD said in a statement that it believes its chips are safe because they use different designs.

Intel's stock fell 3.4 percent on Wednesday to close at $45.26, while AMD gained 5.2 percent to close at $11.55.

Additional reporting by agencies

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in