Almost all popular PC processors – Intel, AMD, and ARM are affected by a serious security flaw. For Windows 10, there is now a patch available.
In computer chips of billions of devices, a serious security vulnerability has been discovered, by which attackers can get to your confidential data. Intel, AMD, & ARM, all leading chip manufacturers seem to be affected. Researchers demonstrated that it was possible to gain access to, for example, passwords, crypto keys, and other sensitive information from programs. The tech companies are in the process of plugging the gap with software updates and fixing the CPU bug; however, these are now partial fixes.
CPU Vulnerability: Install patch for Windows 10 now!
Microsoft announces: the company has released the first patch on January 4th. This should ward off the attacks described below, at least on Windows 10 computers. The patch is available for both ARM and Intel processors.
Processor Vulnerability: Researchers discover serious vulnerability
The vulnerability lies in a process whereby chips may retrieve information, needed later, in advance to avoid delays. This technique is known as “speculative execution” and has been used by various providers for years. Thus, a mass of computer equipment is at least theoretically threatened. They do not know if the vulnerability has already been exploited, the researchers said. You probably would not be able to find it because the attacks left no traces in traditional log files.
Specter and Meltdown: Two attacks possible
The researchers, who work at Google, among others, described two possible attacks based on this vulnerability. One named “Meltdown” breaks down the basic separation mechanisms between programs and the operating system. This could allow malicious software to access the memory and thus also data from other programs and the operating system. According to the vulnerability discoverers, nearly every Intel chip since 1995 is vulnerable to this attack, but it can be temporary blocked with software updates. The second attack, “Specter”, allows programs to spy on each other. Specter is harder to implement than Meltdown – but it’s also harder to protect yourself from it. One can stop at least known malicious software by updates. Specter affects almost all systems: desktops, laptops, cloud servers, and smartphones, the researchers said. The attack on chips from Intel and AMD as well as ARM designs has been proven in different demostrations.
CPU bug: patches are in progress
The industry giant Intel said it was working together with other companies on a solution, but at the same time doubted that the vulnerability had already been exploited. The Intel competitor AMD, which was also named by the discoverers of the vulnerability, denied that its processors are affected. The chip designer ARM, whose processor architecture dominates in smartphones, confirmed that some products are vulnerable.
CPU Security: Even smartphones are affected
Since the problem not only occurs in Intel CPUs, but also with AMD and ARM processors, the problem is not limited to Windows computers. ARM processors are mainly used on mobile devices; Therefore, there will soon be security updates for corresponding smartphones.
Does anti-virus software help against this CPU bug?
Against attacks on the PC, antivirus programs usually provide good protection. But does it provide the safety in this case, too? We spoke to Anne, a security specialist at GFTR. According to her, a local attack is needed to exploit the gap. That means there must be a malicious program or a hacker on the PC at work. This in turn gets the protection program on the basis of behavior-based detection or even the exploit blocker and can thus prevent attacks. In general, GFTR estimates the risk as rather low. According to Anne, the hurdles for such an attack are very high and the yield is very low. You can get to passwords, but the attack is aimed at volatile memory, where the data is available only for a short time. For attacks on end users, the effort would be worthwhile.
What the experts are saying
Researchers at the Graz University of Technology played a key role in the discovery of the processor vulnerability. We spoke to a member who belongs to the discovery team and asked the question: what the processor manufacturers have to change in the future? “It is often a decision that must be made keeping in mind the gap between performance and security,” he said via email. “In any case, when designing future processors, all possible known attack vectors must be considered.” The expert also commented on the possible dangers. When asked if we need to shut down all of our PCs, he replied, “No, above all there are no reports so far that the vulnerabilities are actively exploited. In addition, manufacturers and software developers are already providing security updates for operating systems and browsers that should be installed. His final tip “It is important not to open unknown email attachments or to install and run software from unknown sources.”
There is also good news!
The software update that works against the vulnerabilities may indeed affect the performance of the processors, admitted Intel, in most cases, the system will lose power, but at a maximum of 2 percent. In first reports, there were rumors of up to 30 percent loss. This vulnerability should (at least theoretically) fail in server chips, where the paths of many data intersect. The cloud heavyweights Google, Microsoft, and Amazon have already secured their services with software updates.