Security flaws put virtually all phones, computers at risk

Security flaws put virtually all phones, computers at risk

Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings, Reuters reports.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

Researchers with Alphabet Inc’s Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

The researchers said Apple Inc and Microsoft Corp had patches ready for users for desktop computers affected by Meltdown. Microsoft declined to comment and Apple did not immediately return requests for comment.

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters.

Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

Speaking on CNBC, Intel’s Krzanich said Google researchers told Intel of the flaws “a while ago” and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9. Google said it informed the affected companies about the “Spectre” flaw on June 1, 2017 and reported the “Meltdown” flaw after the first flaw but before July 28, 2017.

The flaws were first reported by tech publication The Register. It also reported that the updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly.

Intel denied that the patches would bog down computers based on Intel chips.

“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

ARM spokesman Phil Hughes said that patches had already been shared with the companies’ partners, which include many smartphone manufacturers.

“This method only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory,” Hughes said in an email.

AMD chips are also affected by at least one variant of a set of security flaws but that it can be patched with a software update. The company said it believes there “is near zero risk to AMD products at this time.”

Google said in a blog post that Android phones running the latest security updates are protected, as are its own Nexus and Pixel phones with the latest security updates. Gmail users do not need to take any additional action to protect themselves, but users of its Chromebooks, Chrome web browser and many of its Google Cloud services will need to install updates.

Amazon Web Services, a cloud computing service used by businesses, said that most of its internet servers were already patched and the rest were in the process of being patched.

The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.

That could make it possible for hackers to exploit other security bugs or, worse, expose secure information such as passwords, thus compromising individual computers or even entire server networks.

Dan Guido, chief executive of cyber security consulting firm Trail of Bits, said that businesses should quickly move to update vulnerable systems, saying he expects hackers to quickly develop code they can use to launch attacks that exploit the vulnerabilities. “Exploits for these bugs will be added to hacker’s standard toolkits,” said Guido.

Shares in Intel were down by 3.4 percent following the report but nudged back up 1.2 percent to $44.70 in after-hours trading while shares in AMD were up 1 percent to $11.77, shedding many of the gains they had made earlier in the day when reports suggested its chips were not affected.

It was not immediately clear whether Intel would face any significant financial liability arising from the reported flaw.

“The current Intel problem, if true, would likely not require CPU replacement in our opinion. However the situation is fluid,” Hans Mosesmann of Rosenblatt Securities in New York said in a note, adding it could hurt the company’s reputation.

Iran's budget deficit decreases
Iran's budget deficit decreases
Employment in Iran's industrial sector increases
Employment in Iran's industrial sector increases
Iran's power consumption reduced by Omid plan
Iran's power consumption reduced by Omid plan
Loading Bars
Latest
Turkey passes 10 million mark in COVID-19 vaccinations
Georgian parliamentary committees to hear report on HPP construction
Official representative of Presidential Administration of Azerbaijan thanks Israel for medical assistance - Israel HaYom
UN chief urges countries to adopt special measures, quotas to advance women's equal participation
UK records another 4,712 coronavirus cases
Supreme Court rejects final Trump election challenge
India may start full operations at Chabahar port by May end
Iran profits from gas transmission development
Georgia 1st among best destinations for vaccinated travellers in 2021
Erdogan, Johnson discuss bilateral developments over phone
Electricity consumption in February amounted to 1.6 bln kWh in Kyrgyzstan
U.S. COVID-19 cases surpass 29 mln
Yellen says Biden COVID bill to fuel 'very strong' U.S. recovery
Iran's budget deficit decreases
Iran's Energy Exchange announces products to be on sale on March 9
Africa's confirmed COVID-19 cases pass 3.96 mln: Africa CDC
Syria's President Bashar al-Assad tests positive for Covid-19
Employment in Iran's industrial sector increases
Bulk of Jan.2021 loans to electric energy sector in Azerbaijan issued in foreign currency
Azerbaijan confirms 71 more COVID-19 recoveries
Loading-unloading of cargo in ports of Iran's Gilan Province expands
Iran's power consumption reduced by Omid plan
Iran to inaugurate more projects in free economic zones
Iran has developed steel supply chain - Iranian President
Iran's Securities and Exchanges Organization talks number of investors in capital market
Iran’s Bahar Azadi gold coin price rising
Volume of dry-farming land in Iran increases
Iran's NISOC begins excavations on its territory
Iran’s South Pars Gas Company reveals production data of its refinery
Iran waits for Europeans to comply with the JCPOA - MFA
Iran to make decision whether to open schools after Nowruz holiday
Production of LPG-fueled cars in Iran's interests - Chamber of Commerce
Armenia's war crimes exposed at UN Congress
Azerbaijan sees growth in Jan.2021 transactions via clearing system for small payments
Iran boosts car manufacturing
Spanish La Vanguardia: Return to Azerbaijan's Karabakh after war
Azerbaijan’s export of ferrous metal products down
Turkmenbashi Oil Refineries opens tender for purchase of gasoline
Britain's M&S expands online business to over 100 markets
Dustbin of history - place for former Armenian president Kocharian, 'Karabakh clan' - historian
Khazar Consortium opens tender to purchase cementing unit
Turkey’s food retail chain Migros to bolster gender-equal workforce and greener stores
Iran Mercantile Exchange working to expand sale of goods
Iran reveals COVID-19 data for March 8
Modi to inaugurate Maitri Setu between India and Bangladesh on Tuesday
India's Covid Vaccine Rollout "Rescued The World": Top US Scientist
India pre-eminent partner of US in Indo-Pacific region: Blinken tells Jaishankar
Bachendri Pal to lead all women team aged above 50 in a 5 month long Himalayan expedition
Satellite set for Mar 28 launch will provide near real time images of borders, quick monitoring of natural disasters
Sikh Fighter Pilot Memorial In UK To Honour Indians Who Fought In World Wars
IMF, Georgia review agenda of bilateral cooperation
Iranian President and Irish FM discuss JCPOA
Iran reserves strategic basic goods
Iran’s Rouhani asks for release of frozen assets in Iraqi banks
Iranian parliament approves increase of salaries to aid low incomes
Iran not to allocate Nowruz gasoline quota due to COVID-19
Uzbekneftegaz establishing production of import-substituting products for industrial enterprises
Iran to obtain its funds frozen in Iraq
Georgia opens new enterprise with support of Rural Development Agency
Interest in entrepreneurship growing among women in Azerbaijan
Export of cotton from Azerbaijan greatly increases in Jan. 2021
Mubarek oil&gas production dep’t owned by Uzbekneftegaz to increase natural gas production
Uzbekistan reveals its COVID-19 data for March 8
Iran unveils number of mining facilities put into operation
Japanese businessmen visit Azerbaijan’s Guba genocide memorial complex (PHOTO)
Development of Iran's Siyahmakan oil field launched
Nearly half of non-oil sector taxes in Azerbaijan falls on mobile operator in 2020
Azerbaijan's Azercell reveals number of processed requests in 2020
Azerbaijan's Jan. 2021 imports from EU show increase
Accumulative life insurance market in Azerbaijan grows
Iran capable of building long water transfer pipelines - Iranian VP
Deliveroo launches London IPO after business surges in 2020
Iran to publish final report of the downed Ukrainian jet soon
No direct or indirect relations between Iran and US - Iranian Foreign Ministry
Approval of FATF related bills would increase Iran's export revenue - Iranian Union
Iranian medicine importers awaiting approval of FATF related conventions
Turkey records slight decrease in car exports abroad
Cement exports from Turkey to global markets grow
Azerbaijan shows footage from Zangilan's Garagoz village (VIDEO)
Turkey's revenues from export of grains, legumes to global markets up
Moscow hosts opening ceremony of another 'Gifts of Azerbaijan' stand
Turkmenistan sells diesel fuel, gasoline to number of countries
Baku celebrating International Women's Day (PHOTO)
Kazakhstan's exports to Portugal plummet amid COVID-19
Kazakhstan boosts trade turnover with Lithuania
Oil supply to exceed demand in 2022, says JP Morgan
Georgia sees decrease in COVID-19 cases
Uzbekistan's gold deposit ranks in list of world's biggest gold mines by production
Azerbaijan's digital infrastructure project to generate Digital Silk Road between Europe, C.Asia
U.S. says all options on table for a decision on Afghanistan
Growth rate of agricultural production in Turkmenistan increases
Uzbekneftegaz reveals volume of oil products manufactured in 2M2021
Azerbaijan's First VP congratulates Azerbaijani women on International Women's Day
JP Morgan reveals 2021 oil demand & supply forecasts
Boom in Iran's housing sector create new jobs for local force
JP Morgan says OPEC to boost supply in 2021
OPEC crude output to exceed 30 mbpd in 2022 – JP Morgan
Uzbekistan, India talk mutual phytosanitary permits for agricultural products
Turkmenistan exceeds plan for transport, communication sector
Weekly review of Azerbaijani oil market
All news