Intel Corp, a major hardware developer and cybersecurity vendor, yesterday confirmed that its processing chips contain a security vulnerability that could allow hackers to obtain stored personal information. The flaw, also discovered in microprocessors by Arm and AMD, affects chips dating back to 1995 and takes advantage of the predictive processing algorithms that enable computers to operate quickly.
When processing an application or function, microprocessors will also predict what operations they will be called upon to use next and will prepare to run them. According to a team of researchers from major universities around the globe and Google, this creates a backdoor to normally secure memory banks that can contain passwords, photos, or important documents. A malicious code could be deployed to exploit this backdoor and obtain the data through what is essentially a malware-less attack.
Intel, which produces the vast majority of microprocessor chip vital to every computer, smartphone, and cloud server, has downplayed the severity of the discovery. The company said in a statement: “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
There has been no evidence that hackers have yet taken advantage of this vulnerability. Intel is working with other chip manufacturers to patch the flaw. Microsoft and Apple are working on their own patches, which will be deployed as part of mandatory software updates. Intel has acknowledged that the initial patch will result in slower operating times which will require additional updates to alleviate. Intel and the other affected companies are denying this discovery indicates design flaws.
The vulnerability patch is still forthcoming as of time of writing.
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021