Home United States USA — software This major Intel security flaw could leave millions of users at risk

This major Intel security flaw could leave millions of users at risk

119
0
SHARE

But a fix could hurt performance of Intel chips too
A major vulnerability, dubbed Downfall, has been found lurking in most Intel chips designed over the past decade, and if cybercriminals find a way to exploit it, a lot of people could be in trouble. 
This is the conclusion of cybersecurity researcher named Daniel Moghimi, who works at the University of California, San Diego, as well as at Google (as a Senior Research Scientist), who last year discovered a way for programs and apps to read data belonging to other apps – data they’re not supposed to be able to read. As explained, modern processors have a feature called “register buffer” which stores some data in order to run certain operations faster. That data can include, for example, a password to a banking service.
By being able to tap into the data held in this register buffer, threat actors could steal this data, and possibly cause havoc inside victim’s systems. The consequences easy to imagine.Analysis: Why does it matter?
“When you have a vulnerability like this, essentially this software-hardware contract is broken, and the software can access physical memory inside the hardware that was supposed to be abstracted away from the user program,” Moghimi told CyberScoop in an interview. “It violates a lot of assumptions we make in general about operating system security.” 
In other words, if the vulnerability turns out to be as dangerous as Moghimi claims it to be – it could completely change the tech industry. After all, Intel has sold billions of these chips in the last decade.
The full list of affected devices can be found here, but to save you the trouble, it affects plenty of chips used in servers. The basic premise of public cloud offerings is that multiple companies can use the same servers to store data, run apps in the cloud, and more.

Continue reading...