Two major bugs in computer chips are being worked to be fixed by tech companies. These two bugs could help hackers to break into computers and decamp with secure data.
Chips that are manufactured by AMD and ARM contains “Spectre”- one of the “serious security flaws” according to Google’s researchers.
“Meltdown” is the other one that impacts chips only made by Intel.
The tech industry reportedly had known about the imperfections for a few months now and attempting to resolve the issues before the matter became public.
However, no evidence exists that can show that hackers have used the vulnerability, said the UK’s National Cyber Security Centre (NCSC).
Some of the chips affected by the imperfections date back to 1995 according to the researchers who first discovered the imperfections.
Intel said that users of such chips can make use of interim fixes like software updates – some of which have already been introduced while other are to be introduced in the next few days. Globally, 90% of laptops and 80% of desktops have one or more Intel chips inside.
In order to fix a bug issue, the manufacturing company of a chip is shared information about the discovery of a security problem by the people who discover them.
And in order to prevent hackers from making use of the bug, typically, both the parties agree not to make the discovery pubic till such time as a solution is found out.
But this time, even before a fix for the problems could be got ready for distribution, someone made the information public.
While many security researchers have tweeted about their secrecy agreement with Intel, the chip-maker on its part has said that there were plans to making the information public next week.
This has created an uncomfortable situation for the company.
Many electronic gadgets like computers and mobile phones have microchips as the core of the functioning off the basic electronic systems.
Various forms of memory are used for temporary storage of data which are then moved around for operation of the electronic systems.
And such information, on many occasions, are required to be made secured from any snooping attempts. However, these two bugs could allow hackers to access such information and data.
“Many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits,” said Intel.
Many of the customers of ARM, which include some smartphone manufacturers, have already been shared the patches, ARM said.
It believed there was “near zero risk to AMD products at this time”, AMD said.
What steps need to be taken by some customers was listed in a blog published by Google. It said that Gmail was safe and those Android phones that were equipped with the latest security updates were safe also. For the for users of the Chrome web browser, Google would soon release new security patches for older Chromebooks.
The NCSC advised that all organisations and home users “continue to protect their systems from threats by installing patches as soon as they become available.”
Caution was sounded on the issue by experts.
“It is significant but whether it will be exploited widely is another matter,” said Prof Alan Woodward, from the University of Surrey
(Adapted from BBC.com)