Design flaws in new computer chips
Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.
The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in socalled cloud computer networks.
Where exactly are these flaws?
- Both are issues with the way computer chips are designed. Meltdown affects most processors made by Intel, the company that supplies the chips for a majority of PCs and more than 90 percent of computer servers.
- Spectre is far more difficult for hackers to exploit. But it is even more pervasive, affecting Intel chips, microprocessors from the longtime Intel rival AMD and the many chips that use designs from the British company ARM. Your smartphone most likely contains an ARM chip.
Why are they such a problem?
Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information. If hackers manage to get the software running on one of these chips, they can grab data from other software running on the same machine.
This is a particular issue on cloud computing services
Some fixes, in the form of software updates, have been introduced or will be available in the next few days, said Intel, which provides chips to about 80% of desktop computers and 90% of laptops worldwide.
CPUs use a process known as “speculative execution” to optimise performance, using different types of memory to store data and code temporarily.
In many cases, that information is supposed to be secure from attempts to hack it, but these two bugs allow malicious code to read the entire operating system without permission, stealing passwords and login files.