Major chip flaws affect billions of devices

Posted: Jan 4, 2018 3:09 PM
Updated: Jan 4, 2018 3:09 PM

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called "speculative execution." That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

That data is supposed to be protected and isolated, but researchers discovered that in some cases, the information can be exposed while the processor queues it up.

Researchers say almost every computing system -- desktops, laptops, smartphones, and cloud servers -- is affected by the Spectre bug. Meltdown appears to be specific to Intel chips.

"More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors," the researchers said.

Government agencies issued statements warning users about the vulnerabilities.

The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it is not aware so far of anyone doing so.

The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.

The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware."

It said the problems affect technology giants including Apple, Google and Microsoft.

The U.S. Computer Emergency Readiness Team recommended that users read advice posted online by Microsoft and software company Mozilla.

The U.K.'s National Cyber Security Center advised organizations and individuals to "continue to protect their systems from threats by installing patches as soon as they become available."

Google programmer Jann Horn of Project Zero was one of the researchers who discovered the flaws. In a blog post, he said his group alerted chipmakers to the issues in June. Since last fall, security researchers and companies have investigated and updated software systems to address the flaws.

Intel chips are found in everything from personal computers to medical equipment. The company's shares were down 3% on Wednesday.

The company said in a press release that "many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits."

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue. ARM said in a statement a small subset of its processors are susceptible to the flaws. AMD said in a statement there is a "near zero risk of exploitation" for one of the security issues, due to architecture differences.

A fix requires both chip manufacturers and software makers to update their products before it can be pushed out.

Estimates posted on Linux message boards suggested computer performance could slow down by between 5% and 30% once patched; however, Intel said users will not see significant performance changes.

Tech website The Register was first to report the processor flaws on Tuesday.

A spokesperson for Microsoft told CNNMoney the company is aware of the issue and is in the process of deploying mitigations to cloud services and has released security updates to protect Windows users.

Google's Cloud Platform has been updated to prevent the vulnerabilities, the company said.

Amazon said in a statement most of its cloud computing machines affected by the flaw are already protected, but it is updating the rest on Wednesday.

Researchers said patches were available for Apple's OS X. The company did not respond to a request for comment.

It's important for all users to update their devices when new updates are released.

Flaws in chips are unusual. Back in 1994, a major error in Intel's Pentium processor caused computers to incorrectly calculate results.

-- Jethro Mullen contributed to this report.
