Tech Friday: ZombieLoad Flaw in Intel Chips $INTC

Posted on May 17, 2019

Intel chips are presenting a huge problem for nearly every computer user with a chip made since 2011. These Intel chips have vulnerabilities that, if exploited, can be used to steal sensitive information directly from the processor.

According to published articles from security experts, "the bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work."

Although no attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack necessarily leave a trace, they said.

What does this mean for the average user? There’s no need to panic, for one.

These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.

But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.

There are far easier ways to hack into a computer and steal data. But the focus of the research into speculative execution and side channel attacks remains in its infancy. As more findings come to light, the data-stealing attacks have the potential to become easier to exploit and more streamlined.

But as with any vulnerability where patches are available, install them.

Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors.

But other tech giants, like consumer PC and device manufacturers, are also issuing patches as a first line of defense against possible attacks.

Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.

In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.

And neither Intel nor Gruss and his team have released exploit code, so there’s no direct and immediate threat to the average user.

But with patches rolling out today, there’s no reason to pass on a chance to prevent such an attack in any eventuality.
