Computer security experts have discovered two fundamental security vulnerabilities at the architecture level of almost all microprocessors, triggering an avalanche of worry in the digital world as the massive flaws could allegedly allow hackers to steal virtually the entire memory contents of computers across the globe.
According to multiple reports on Wednesday, the pair of problems, called Meltdown and Spectre, exit in kernel, a building block of computers that serves as the brain of all computing systems, including desktops, laptops, smart phones, and servers running in so-called cloud computer networks.
The flaws were discovered by Jann Horn, a security analyst at a Google-run security research group called Google Project Zero, last year, prompting him to alert the Intel, the American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley.
Meltdown and Spectre can be exploited by malicious actors to “read sensitive information in [a] system’s memory, such as passwords, encryption keys, or sensitive information open in applications,” said Google in an official FAQ.
According to researchers, there is no real and straightforward fix for Specter since it is interwoven in the fundamental way processors are designed and the ultimate solution to it could require redesigning the processors. The threat from Spectre “is going to live with us for decades,” said Paul Kocher, a senior computer researcher.
As for Intel-specific Meltdown, which is a particular problem for the cloud servers operated by the likes of Amazon, Google, and Microsoft, a software patch is required to fix the issue but at the cost of slowing down computers by as much as 30 percent — a certain irritant for those who are accustomed to fast downloads from their favorite online services.
Google and Microsoft said on Wednesday evening that they had updated their systems to deal with Meltdown, which affects nearly all microprocessors made by Intel. The Intel-made chips are currently employed in over 90 percent of the servers that underpin the Internet and private business operations.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” Intel said in a statement on Wednesday, adding “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
However, there is no evidence that hackers have so far taken advantage of the flaws to access sensitive or confidential information, including passwords.