Abu Dhabi, UAEMonday 26 August 2019

Millions of computers affected by Intel chip flaw

The bugs allow hacking on personal computers and the cloud

In this Oct. 3, 2018, file photo the Intel logo appears on a screen at the Nasdaq MarketSite, in New York's Times Square. Intel has revealed another hardware security flaw that could affects millions of machines around the world. The chipmaker said Tuesday, May 14, 2019, that there’s no evidence of bad actors exploiting the bug, which is embedded in the architecture of computer hardware. AP Photo
In this Oct. 3, 2018, file photo the Intel logo appears on a screen at the Nasdaq MarketSite, in New York's Times Square. Intel has revealed another hardware security flaw that could affects millions of machines around the world. The chipmaker said Tuesday, May 14, 2019, that there’s no evidence of bad actors exploiting the bug, which is embedded in the architecture of computer hardware. AP Photo

Millions of computers have been affected by a new vulnerability on almost every Intel chip since 2011, allowing hackers to steal sensitive information directly from the processor.

The bugs, called ZombieLoad, can be exploited on personal computers and in the cloud, researchers say.

It is a side-channel attack on Intel chips, allowing hackers to exploit design flaws rather than injecting malicious code.

ZombieLoad is similar to Meltdown and Spectre, two bugs in 2018 that allowed critical information stored deep inside computer systems to be exposed.

Both bugs leaked sensitive data stored briefly in the processor, including passwords, secret keys and account tokens, and private messages.

Although no attacks exploiting the ZombieLoad bugs have been publicly reported, the researchers could not rule them out, because they say an attack would not necessarily leave a trace.

But to stop future attacks, Intel is applying patches to the microcode that will help to clear the processor’s buffers, preventing data from being read.

Speaking to website TechCrunch, Intel said that the microcode updates would affect processor performance.

It said most patched devices would lose up to a 3 per cent in performance. Data centres would lose as much as 9 per cent.

But a spokesman said the lapse in performance was unlikely to be noticeable in most cases.

Apple, Microsoft and Google have also released security patches, with other companies expected to follow.

Updated: May 15, 2019 11:08 AM

SHARE

SHARE