Intel chip flaw: Huge bug makes nearly any computer vulnerable to hacking

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Almost any computer could be vulnerable to a huge new computer bug.

Researchers have found a flaw in the very core of computer chips that mean almost any recent device could be insecure and give up the sensitive information it is securing. The bug could affect everything from the phone in your pocket to the servers that help send it information.

If exploited, the problem would allow hackers into some of the most sensitive parts of important computers, giving access to people's most personal information. That could be done on almost any device, including phones, laptops and the machines that power the cloud devices that store much of the world's information.

The flaw was revealed yesterday, after having been kept secret by the Google engineers who found it, but its impact was unclear. Now it has emerged that the bug could affect nearly any computer made over the last 20 years – and that fixing it could cause significant disruption across the world.

The two bugs are known as Spectre and Meltdown. Spectre can't easily be fixed, and will need computer chips themselves to be re-designed and made secure; Meltdown can be patched up through an update, but could slow computers down by as much as 30 per cent.

Companies including Amazon said they were in the process of issuing fixes for their web services and devices. "This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices," it wrote, noting that most of its infrastructure had now been made safe.

But older computers might be harder to update. For many devices – especially those running Android – updates are few and far between, since phone makers are often slow to allow their customers to download new updates.

Google's Project Zero team said Wednesday that the flaw could allow bad actors to gather passwords and other sensitive data from a system's memory.

The tech company disclosed the vulnerability not long after Intel said it's working to patch it. Intel says the average computer user won't experience significant slowdowns as it's fixed.

Both Intel and Google said they were planning to disclose the issue next week when fixes will be available. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws. But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel's stock to fall.

Google says it also affects other processors and the devices and operating systems running them.

Although Intel cited rival AMD as among the companies it's working with to address the problem, AMD said in a statement that it believes its chips are safe because they use different designs.

Intel's stock fell 3.4 percent on Wednesday to close at $45.26, while AMD gained 5.2 percent to close at $11.55.

Additional reporting by agencies