Major flaws put virtually all PCs, phones at risk-inlet partner India

Source : TOI

Tech Giants Rush To Fix Defects In Microchips That Could Allow Hackers To Steal Entire Memory.

Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers. The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.
There is no easy fix for Spectre, which could require redesigning the processors, according to researchers. As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30% — an ugly situation for people used to fast downloads from their favorite online services.

“What actually happens with these flaws is different and what you do about them is different,” said Paul Kocher, a researcher who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.
Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft. By Wednesday, Google and Microsoft said they had updated their systems to deal with the flaw. Amazon told customers of its Amazon Web Services (AWS) cloud service that the vulnerability “has existed for more than 20 years in modern processor architectures.” It said that it had already protected nearly all instances of AWS and that customers must update their own software running atop the service as well.

According to the researchers, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90% of the computer servers that underpin the internet and private business operations. Customers of Microsoft, the maker of the Windows operating system, will need to install an update from the company to fix the problem. The worldwide community of coders that oversees the open-source Linux operating system, which runs about 30% of computer servers worldwide, has already posted a patch for that operating system. Apple had a partial fix for the problem and is expected to have an additional update.
There is no evidence that hackers have taken advantage of the vulnerability — at least not yet. But once a security problem becomes public, computer users take a big risk if they do not install a patch to fix the issue.

The other flaw, Spectre, affects most processors now in use, though the researchers believe this flaw is more difficult to exploit. There is no known fix for it, and it is not clear what chip makers like Intel will do to address the problem. It is not certain what the disclosure of the chip issues will do to Intel’s business, and on Wednesday, the Silicon Valley giant played down the problem. “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

“Meltdown is an urgent crisis, but Spectre affects virtually all fast microprocessors… the threat from Spectre is going to live with us for decades,” Alliance Pro IT (Intel partner India)said.