Security Flaws Found In Computer, Phone Chips


MIAMI (CBSMiami/CNN) - Cybersecurity researchers have uncovered security flaws in chips used by smartphones and computers that could be exploited by hackers to get your personal information.

The flaws -- dubbed Meltdown and Spectre -- affect processing chips made by Intel, AMD and ARM Holdings. That means if you use a desktop, laptop, smartphone or cloud service from Apple, Google, Amazon or Microsoft you might be vulnerable.

Don't panic. Here's what you should do.

1. Update Your Software!

Spectre is the main threat because it is present in billions of devices. Meltdown appears to affect only Intel chips.

The U.S. government-funded Software Engineering Institute says vulnerable chips may eventually have to be replaced altogether. But until then, experts say, software updates are key.

"Because chip replacements are not going to happen tomorrow, realistically, software is being updated," Sitaram Chamarty, a security researcher at Tata Consultancy Services, told CNNMoney. "It has to kind of trickle down, hopefully in another few days it will all be done," he added.

Intel says it is working with AMD and ARM to fix the problem, and many tech firms have already released -- or are about to release -- software updates to secure their devices.

Microsoft has already released security updates for Windows users and is taking steps to protect users of its cloud computing services. Google and Amazon are also updating their cloud services. Apple did not respond to a request for comment.

2. Brace Yourself For Slower Devices

An unfortunate downside of the software updates is that they might slow your computers and smartphones.

Patches deployed to combat the flaws could slow computers by as much as 30% depending on what you're trying to do, according to estimates posted on Linux message boards.

Intel said it does not expect users to experience any performance issues. Experts disagree.

"Processor slowdowns trickle down from data centers to everyone using the internet," said Bryce Boland, chief technology officer for Asia at cybersecurity firm FireEye. "People will feel many of their mobile devices taking a performance hit."

Chamarty says removing the vulnerability requires a fundamental change in the way modern processors operate, specifically to a function called "speculative execution," and that such a change could drastically reduce speeds.

"If you're going to disable this, then you're back to ... many, many years ago, we're talking 10 years," he added. "Imagine running at those speeds now."

3. Wait, Watch, Hope

The good news: The vulnerabilities provide new avenues for hackers to mount attacks, but analysts say doing so is not straightforward.

"The effort to mount this attack is quite significant," Chamarty said.

The heavy lifting could dissuade hackers from targeting anyone but "big fish" such as heads of government agencies, he added.

But the downside is that there isn't really a permanent solution at the moment, meaning hackers could have plenty of time to figure out a way in.

"Resolving this issue will take time and incur costs," Boland said. "Vulnerable systems will likely remain in operation for decades."

Chamarty warned that even the mass replacement of computer chips may not necessarily help.

"It seems to be a case of the way processors are currently designed, there's no true solution currently in sight," he said.

"If somebody finds an ingenious method by which the attacks can be made more generic, less cumbersome to mount... then we have real problems."

(©2018 CBS Broadcasting Inc. All Rights Reserved. CNN contributed to this report.)
