New security issues found in Intel processors

Millions and millions of electronic devices have an Intel-made processor. Last year, it was known that the vast majority of products sold by the brand in the past decade were vulnerable to attack, but not all weaknesses were identified at that time. This week, the transnational corporation warned that in collaboration with various independent research groups, it discovered a new security breach revealing sensitive data such as keys, user names, and the like. browsing history on desktops, laptops and cloud services. (without specifying the number of affected customers). Intel claims to have no evidence of attacks and has already taken corrective action. Experts consulted with this newspaper believe that this is a serious failure, discovered in 2018,

A new security breach was discovered last Tuesday. The company itself did this on its website as researchers from various universities and technology companies through another page. The company reports that the vulnerability was discovered inside, and then notified by third-party scientists. They claim to work in unrelated teams and report company results.

According to José Rosella, managing partner of security group S2, this problem reveals data in the microprocessor's memory that should not be available. If a user was processing confidential information, such as a confidential document or password, during an attack, it could be accessible to users. hackers add expert.

Peripherals that are considered vulnerable before Intel starts troubleshooting are computers and cloud services that are currently available on the market. The multinational corporation states that it is not affected by the amount of equipment. Cristiano Juffried, a VUSec researcher at VU University in Amsterdam, said that his team discovered the problem in all processor models released to the market in 2008. Another group analyzed equipment failures that have been established since then. 2011. "Millions of devices," according to Juffried.

Technically, according to sources, agreed, this gap is technically of the same type that was discovered in January 2018 (divided into two parts, called Meltdown and Ghost). It also made a large number of devices vulnerable (including mobile phones and tablets), and also involved processors from other companies. In August last year, another Intel vulnerability was announced called Foreshadow.

Severity of failure

Intel claims that the new violation has a low or medium degree of danger, that it is technically difficult, and that its operation in a real environment is "extremely difficult." The company claims that it has already implemented security measures for disposable processors of the eighth and ninth generation (will go on sale in 2017), as well as for cloud service products released this year. He also explained that he had released fixes so that the digital community could protect open environments.

Companies such as Google, Apple, Microsoft, Amazon and Mozilla indicated that they are protecting their customers, the statement said. TechCrunch , Intel recommends that everyone keep their systems up to date. “This is one of the best ways to protect,” e-mail sources say. “When automatic updates on a computer or other device are not delayed,” José Rosell advises.

Juffried does not agree with Intel in assessing the seriousness of the decision. In his opinion, it is more difficult to use this vulnerability than it was in the case of the ones discovered in 2018, but it is possible to be a hacker . Level One "He says. In addition, he believes that Intel does not give clear instructions for protection. “This will create a fragmented situation in which everyone will apply a different protection strategy depending on the system. In this context, an effective safety analysis will be very difficult, and this will aggravate the situation, ”he said.

The researcher adds that there is also a problem with processor performance, especially technology developed by Intel and called Hyper Threading, which is present in the vast majority of them and can improve their performance without a significant increase in costs. Juffridd explains that you need to disable this feature, because "it does not guarantee security from attacks and some software protects it. This is" very difficult, if not impossible. " According to him, “this failure is the first to demonstrate the problem that this technology can create.” Also, do not forget that some companies, such as Google in the case of their Chrome OS operating system, have decided to turn it off.

Post a Comment

0 Comments