Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

‘Billions’ of Intel computers potentially affect by huge security vulnerability

Issue has now been fixed, company says

Andrew Griffin
Wednesday 09 August 2023 17:21 BST
Comments
Data shows the number of applications to computing by 18-year-olds in the UK has risen by 9.5% (PA)
Data shows the number of applications to computing by 18-year-olds in the UK has risen by 9.5% (PA) (PA Wire)

A major security vulnerability had the potential to hit “billions” of computers, according to the Google researchers who discovered it.

The security flaw, dubbed “Downfall”, attacked Intel processors in a way that would allow hackers to steal passwords, encryption keys and private data from users. That’s according to Daniel Moghimi, the senior research scientist at Google who found the problem and disclosed it this week.

He alerted Intel about the issue with its chips, and the company has since sent out an update to fix it. But the issue could have affected “billions of personal and cloud computers”, Google said.

“Had these vulnerabilities not been discovered by Google researchers, and instead by adversaries, they would have enabled attackers to compromise Internet users,” the researchers wrote in a blog post.

The attack worked by breaking through the boundary that is intended to keep software safe from attacks on the hardware. In doing so, attackers would have been able to find data that belongs to other users on the system, the attackers said.

It did so by exploiting technologies that are intended to speed up various processes on the chip. Attackers were able to exploit those tools to steal sensitive information that should have stayed available only to its owner, when they were signed in.

The nature of the attack means that hackers would need to be on the same physical processor as the person they are attacking. But that would be possible using malware, or the shared computing model that powers cloud computing, for instance.

Intel said that the problem does not affect recent versions of its chips, and that the fix does not cause major problems. But it did suggest that users could disable the fix, if they thought the risk was not worth the slight drawbacks in performance.

The company also told Bleeping Computer that “trying to exploit this outside of a controlled lab environment would be a complex undertaking”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in