Tech companies scramble to patch microchip security flaws

By Paul Bremmer


Technology companies are playing down the severity of two recently discovered security problems with computer microchips, saying there will be no need for widespread hardware replacements to shield millions of devices from hackers.

But this week, Google and other security researchers revealed two major chip flaws. One of them, called Meltdown, affects only Intel Corp chips, while the other, called Spectre, impacts almost all computer chips made in the past 10 years.

These flaws could permit a hacker to read passwords stored in a device’s memory or see what tabs a person has open on his computer, according to CNN.

Daniel Gruss, the information security researcher who helped discover the Meltdown flaw, said billions of devices were affected, although it may be difficult to pull off an attack.

Some feared that software patches to fix the issues would slow computers and force millions of consumers to buy new hardware, leading to lawsuits against Intel. However, Intel released a statement late Thursday saying the recent security updates should not impact performance significantly and the effects will be mitigated over time.

It assured consumers that Apple, Amazon, Google and Microsoft had all reported little to no performance impact from security patches thus far.

“Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant,” the company said, according to Reuters.

Intel admitted the newly discovered security flaws could let hackers steal sensitive information from computers, phones and other devices. But Intel maintained the problem was not the result of faulty design. The company said it would ask users to download a patch and update their operating systems to fix the issue.

Microsoft and Google, meanwhile, say they foresee few performance issues for the majority of their cloud computing customers. Likewise, Apple released a statement Thursday saying its tests indicated security patches would not significantly impact processing speeds.

Government-sponsored researchers seem to agree with the tech companies. On Friday, CERT, the cyber security project at Carnegie Mellon University sponsored by the U.S. government, withdrew its recommendation for the replacement of affected systems’ central processing units (CPUs).

CERT assured consumers that “operating system and some application updates mitigate these attacks.”

However, Gruss told Reuters there were no solutions yet that could address the flaws in processors he and other researchers found. He said all CPUs, including very recent ones, are affected, adding that software updates can fix “most” of the problems but still leave vulnerabilities.

Google, Microsoft and Mozilla, all makers of popular browsers, admitted to Reuters Thursday the security patches they are currently employing don’t protect iOS users. With so many widely used browsers not effectively patched, hundreds of millions of iPhone and iPad users may not be able to securely browse the Web until Apple releases its patch.

And Apple claimed it would take a few days to release a patch for the Safari browser on its devices. It claimed it did not know of any hackers taking advantage of the security problem so far.
