fixWashington, Jan 4 (AFP) A newly discovered vulnerabilityin computer chips has raised concerns that hackers couldaccess sensitive data on most modern systems, as technologyfirms sought to play down the security risks.
Chip giant Intel issued a statement responding to aflurry of warnings surfacing after researchers discovered thesecurity hole which could allow privately stored data incomputers and networks to be leaked.
Intel labeled as incorrect reports describing a "bug" or"flaw" unique to its products.
Intel chief executive Brian Krzanich told CNBC that"basically all modern processers across all applications" usethis process known as "access memory," which was discovered byresearchers at Google and kept confidential as companies workon remedies.
Google, meanwhile, released findings from its securityresearchers who sparked the concerns, saying it made theresults public days ahead of schedule because much of theinformation had been in the media.
The security team found "serious security flaws" indevices powered by Intel, AMD and ARM chips and the operatingsystems running them and noted that, if exploited, "anunauthorised party may read sensitive information in thesystem's memory such as passwords, encryption keys, orsensitive information open in applications.""As soon as we learned of this new class of attack, oursecurity and product development teams mobilised to defendGoogle's systems and our users' data," Google said in asecurity blog.
"We have updated our systems and affected products toprotect against this new type of attack. We also collaboratedwith hardware and software manufacturers across the industryto help protect their users and the broader web."The Google team said the vulnerabilities, labeled"Spectre" and "Meltdown," affected a number of chips fromIntel as well as some from AMD and ARM, which specializes inprocessors for mobile devices.
Intel said it was working with AMD and ARM Holdings andwith the makers of computer operating software "to develop anindustry-wide approach to resolve this issue promptly andconstructively.""Intel believes these exploits do not have the potentialto corrupt, modify or delete data."Jack Gold, an independent technology analyst, said he wasbriefed in a conference call with Intel, AMD and ARM on theissue and that the three companies suggested concerns wereoverblown.
"All the chips are designed that way," Gold said.
"Every modern architecture takes advantage of that designto make things run faster," Gold said.
The companies were working on remedies after "someresearchers found a way to use existing architecture and getinto protected areas of computer memory and read some of thedata," Gold said.
Microsoft said in a statement it had no informationsuggesting any compromised data.
The company said it is "releasing security updates todayto protect Windows customers against vulnerabilities affectingsupported hardware chips from AMD, ARM, and Intel."AMD and ARM did not immediately respond to AFP requestsfor comment.
Earlier this week, some security researchers said any fix- which would need to be handled by software - could slow downcomputer systems, possibly by 30 percent or more.
Intel's statement said these concerns, too, wereexaggerated.
"Contrary to some reports, any performance impacts areworkload-dependent, and, for the average computer user, shouldnot be significant and will be mitigated over time," thecompany statement said.
Earlier yesterday, Tatu Ylonen, security researcher atSSH Communications Security, noted that the flaw, ifexploited, could allow hackers to gain access to private data,including passwords, banking data and encrypted or classifiedinformation.
The patch "will be effective" but it will be critical toget all networks and cloud services upgraded, Ylonen said.
"There are thousands of small cloud providers and all ofthem will need to upgrade," he said.
British security researcher Graham Cluley also expressedconcern "that attackers could exploit the flaw on vulnerablesystems to gain access to parts of the computer's memory whichmay be storing sensitive information. Think passwords, privatekeys, credit card data."Cluley said in a blog post that it was "good news" thatthe problem had been kept under wraps to allow operatingsystems such as those from Microsoft and Apple to makesecurity updates before the flaw is maliciously exploited.
"The bad news is that no-one likes to make such low levelsecurity updates, particularly under such time-sensitiveconditions," Cluley said.
"Inevitably some businesses will find themselvesdisrupted by the process." (AFP)MRJ.
This is unedited, unformatted feed from the Press Trust of India wire.