‘Billions’ of Intel computers potentially affect by huge security vulnerability

Issue has now been fixed, company says

Andrew Griffin
Wednesday 09 August 2023 12:21 EDT
Comments
Data shows the number of applications to computing by 18-year-olds in the UK has risen by 9.5% (PA)
Data shows the number of applications to computing by 18-year-olds in the UK has risen by 9.5% (PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A major security vulnerability had the potential to hit “billions” of computers, according to the Google researchers who discovered it.

The security flaw, dubbed “Downfall”, attacked Intel processors in a way that would allow hackers to steal passwords, encryption keys and private data from users. That’s according to Daniel Moghimi, the senior research scientist at Google who found the problem and disclosed it this week.

He alerted Intel about the issue with its chips, and the company has since sent out an update to fix it. But the issue could have affected “billions of personal and cloud computers”, Google said.

“Had these vulnerabilities not been discovered by Google researchers, and instead by adversaries, they would have enabled attackers to compromise Internet users,” the researchers wrote in a blog post.

The attack worked by breaking through the boundary that is intended to keep software safe from attacks on the hardware. In doing so, attackers would have been able to find data that belongs to other users on the system, the attackers said.

It did so by exploiting technologies that are intended to speed up various processes on the chip. Attackers were able to exploit those tools to steal sensitive information that should have stayed available only to its owner, when they were signed in.

The nature of the attack means that hackers would need to be on the same physical processor as the person they are attacking. But that would be possible using malware, or the shared computing model that powers cloud computing, for instance.

Intel said that the problem does not affect recent versions of its chips, and that the fix does not cause major problems. But it did suggest that users could disable the fix, if they thought the risk was not worth the slight drawbacks in performance.

The company also told Bleeping Computer that “trying to exploit this outside of a controlled lab environment would be a complex undertaking”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in