Rush to fix ‘serious’ computer chip flaws

BBC | Published: 12:50, Jan 04,2018


Tech firms are working to fix bugs that could allow hackers to steal personal data from computer systems.

Google researchers said there were ‘serious security flaws’ in chips made by Intel, AMD and ARM, affecting devices which use them.

The industry has been aware of the problem for months and hoped to solve it before details were made public.

The UK’s National Cyber Security Centre said there was no evidence that the vulnerability had been exploited.

Some fixes, in the form of things like software updates, have been introduced or will be available in the next few days, said Intel, which provides chips to about 80 per cent of desktop computers and 90 per cent of laptops worldwide.

Microchips are the basic electronic systems behind many devices such as computers and mobile phones.

The issue was originally linked to a flaw only in Intel’s chips, but the firm said this was ‘incorrect’.

‘Many types of computing devices - with many different vendors’ processors and operating systems - are susceptible to these exploits,’ said Intel.

ARM said patches had already been shared with its customers, which include many smartphone manufacturers.

AMD said it believed there was ‘near zero risk to AMD products at this time.’

On a conference call for investors, Intel said researchers had shown that hackers could exploit vulnerabilities, gaining the ability to read memory and potentially access information such as passwords or encryption keys on devices.

Microsoft, which uses Intel chips said it would roll out security updates on Thursday, adding it had no information suggesting any compromised data.

Apple is working on updates for its laptops and desktops.

Google published a blog detailing what some customers may need to do. It said Android phones with the latest security updates were protected, and that Gmail was safe. It will be releasing security patches for users of older Chromebooks, while there will also be a fix for users of the Chrome web browser.

The NCSC said it was aware of the reports of the potential flaw and advised that all organisations and home users ‘continue to protect their systems from threats by installing patches as soon as they become available.’

Experts advised caution on the issue.

‘It is significant but whether it will be exploited widely is another matter,’ said professor Alan Woodward, from the University of Surrey.

More about:

Want stories like this in your inbox?

Sign up to exclusive daily email