Intel chief says chip flaw damage contained by industry

0
25


The chief executive of Intel has said software fixes for Meltdown and Spectre could be released in the coming days.

Speaking at a keynote speech at the Consumer Electronics Show (CES) in Las Vegas, Brian Krzanich said 90 per cent of chips in the last five years would be fixed ‘within a week’.

He said the impact of the recently discovered vulnerability in computer chips has been limited due to ‘remarkable’ collaboration by the tech industry.

The major microchip security flaw affected nearly all computer chips made in the last decade. 

Scroll down for video 

Intel chief Brian Krzanich said software fixes for Meltdown and Spectre could be released in the coming days. He said the impact of the recently discovered vulnerability in computer chips has been limited due to ‘remarkable’ collaboration by the tech industry

MELTDOWN AND SPECTRE

Security researchers at Google’s Project Zero computer security analysis team, in conjunction with academic and industry researchers from several countries, exposed the two flaws last week.

Meltdown, which is specific to Intel chips, lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory.

It was first discovered by Project Zero in June last year, when expert Jann Horn found that passwords, encryption keys, and sensitive information open in applications that should have been protected could be accessed.

A second bug, called Spectre, affects chips from Intel, AMD and Arm.

This lets hackers potentially trick otherwise error-free applications into giving up secret information.

Project Zero disclosed the Meltdown vulnerability not long after Intel said it’s working to patch it.

Intel says the average computer user won’t experience significant slowdowns as it’s fixed.

Last week, Alphabet’s Google  and other security researchers disclosed two major chip flaws, one called Meltdown affecting only Intel Corp chips and one called Spectre, that left computing devices vulnerable to hackers.  

Krzanich took the unusual step of addressing the security issue as he delivered a keynote ahead of the opening of the CES event, expected to draw some 180,000 people from the sector.

As yet, Krzanich said, there is no information to suggest any loss of data from the so-called Meltdown and Spectre flaws and he added, ‘We are working tirelessly to make sure it stays that way.’ 

The Intel chief executive made his most high-profile public comments since the release of research highlighting vulnerabilities affecting the chips powering most modern PCs and many mobile devices.

‘The collaboration of so many companies (to mitigate the threat) is truly remarkable,’ Krzanich said.

‘Security is job number one for Intel and our industry. The primary focus of our discussions (on this issue) is to keep our customers data safe.’

Researchers at Google showed how a hacker could exploit the flaw to get passwords, encryption codes and more, even though there have been no reports of any attacks using the vulnerability.

Some analysts have warned that the threat is unique because it is an issue affecting hardware used in many computing systems.

Krzanich said updates will be available for 90 per cent of its products in the coming days and the for the rest by the end of January, and urged all computer users to update as quickly as possible.

Yesterday Apple released an updated version of its operating system software to fix the major microchip security flaw.

‘iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre,’ the firm said.

The technology giant also released software updates for its Mac, Apple TV and Apple Watch.

Krzanich took the unusual step of addressing the security issue as he delivered a keynote ahead of the opening of the CES event, expected to draw some 180,000 people from the sector

Krzanich took the unusual step of addressing the security issue as he delivered a keynote ahead of the opening of the CES event, expected to draw some 180,000 people from the sector

As yet, Krzanich said, there is no information to suggest any loss of data from the so-called Meltdown and Spectre flaws and he added, 'We are working tirelessly to make sure it stays that way'

As yet, Krzanich said, there is no information to suggest any loss of data from the so-called Meltdown and Spectre flaws and he added, ‘We are working tirelessly to make sure it stays that way’

HOW TO UPDATE ALL OF YOUR APPLE DEVICES

The latest updates, 11.2.2 for iOS and 10.13.2 for macOS High Sierra, are available now for iPhones, iPads, and Macs to protect users. 

To make sure you are protected, download the latest updates on your device.

  • On iOS, go to Settings, General then Software Update, then tap Download and Install.
  • On MacOS, open the App Store and click Updates in the App Store toolbar, then use the Update buttons to download and install any updates listed.
  • On Apple TV, go to Settings, System, then Software Updates. Select Update Software, then select Download and Install. After the update downloads, your Apple TV will restart and prepare the update.

Macs, iPhones, iPads and Apple TV were all hit by the Meltdown and Spectre vulnerabilities.

Apple says it has already put measures in place to help protect its customers and more will be released in the coming days.

Measures released in iOS 11.2, macOS 10.13.2, and tvOS 11.2 will to help defend against Meltdown.

Apple Watch is not affected by the issue. 

 

The iPhone maker had said on Thursday it will release a patch for the Safari web browser on its iPhones, iPads and Macs.

Apple had also said that there were no known instances of hackers taking advantage of the flaw.

‘For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,’ the company said on its website.

The iOS update is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation, it said.

Details emerged yesterday about two massive security flaws which put billions of people worldwide at risk of being hacked. Meltdown and Spectre could let cyber criminals steal data from nearly every computing device containing chips from Intel, AMD and Arm

INDUSTRY’S BIGGEST PLAYERS

Intel, AMD and Arm are three of the biggest names in the world of computer processors.

Intel 

Intel, the world’s leading semiconductor manufacturer, started life producing memory chips, including the first metal oxide semiconductor in 1969.

The firm’s introduction of the Pentium microprocessor in 1993 helped usher in a personal computer revolution during that decade.

Major companies, including Dell and HP, were early adopters of Intel’s chips in their PCs. 

Today, most laptop and desktops in the world are powered by an Intel CPU, including rival Apple Macs, which dropped its proprietary chips in favour of the industry leader’s in 2005.   

AMD

Advanced Micro Devices, better known as AMD, is Intel’s only significant rival in the PC processor marketplace.

Alongside Nvidia, it is also one of two dominant players in the manufacture of graphics processing units, used in PC video gaming.

Both Microsoft and Sony chose AMD processors over Intel’s to power their latest consoles, the Xbox One and PS4.

AMD processors are also the preferred choice for many custom and home built PCs, particularly among the gaming community.

Arm

Arm processors have conquered the world of smart devices, thanks to their stripped back design.

British company Arm Holdings develops the design of the chips, which is then licensed to other firms.

Processors that use the company’s RISC architecture require fewer transistors than larger personal computer chips.

This makes them cheaper, use less power and give off less heat, making them ideal in smaller, more portable gadgets.

This ranges from smartphones to internet connected baby monitors.

Every iPhone, iPad and Mac device could be at risk of being hacked, it had previosuly warned.

Apple confirmed last week that almost all of its devices are affected by Intel and Arm chip ‘design flaws’ that could expose billions of people’s personal data to cyber criminals.

The tech company has warned its customers to only download software for its platforms from trusted sources, like the App Store.

Apple says it has already put measures in place to help protect its customers from Meltdown and more will be released in the coming days.

Yesterday the firm released further measures for its Safari web browser to help defend against Spectre.

Browser makers Google, Microsoft Corp and Mozilla Corp’s Firefox all confirmed to Reuters that the patches they currently have in place do not protect iOS users.

Apple says it has already put measures in place to help protect its customers and more will be released in the coming days. Macs, iPhones, iPads and Apple TV are all hit by the weakness. The updates had no effect on performance, a spokesman for Cupertino-based company said

Apple says it has already put measures in place to help protect its customers and more will be released in the coming days. Macs, iPhones, iPads and Apple TV are all hit by the weakness. The updates had no effect on performance, a spokesman for Cupertino-based company said

HOW TO PROTECT YOURSELF

Intel – Chips from the past five years have been patched, more to come

The chip manufacturer says it has already issued updates for the majority of processor products introduced within the past five years. 

The chief executive of Intel has said software fixes for Meltdown and Spectre could be released in the coming days.

Speaking at a keynote speech at the Consumer Electronics Show (CES) in Las Vegas, Brian Krzanich said 90 per cent of chips in the last five years would be fixed ‘within a week’. 

Reports have suggested that up to 15 years of Intel processors may be affected.

Google – Patch available

On January 5, Google issued a security update to protect Android phones.

Google-branded phones should automatically download the update and you need to just install it. With Pixel and Pixel 2 the update will automatically install too.

Some Android phone manufacturers are slow to patch, so you should contact them to make sure they update it as soon as possible.

The patch for Chrome will be installed on January 23 and some Chromebooks had a mitigation in its OS 63, released in December, write Wired.

If don’t want to wait until then an experimental feature from Google called Site Isolation can help in the meantime. This feature makes it harder for malicious websites to access data from other websites you are looking at, writes Cnet.

To use this feature on Windows, Mac, Linux, Chrome OS or Android copy and paste chrome://flags/#enable-site-per-process into the URL in Chrome. Click ‘Strict Site Isolation’ and then press ‘Enable’.

Save your work and then press ‘Relaunch now’.

A few Chromebooks are not expected to get the patch because they are too old. Here is a full list (look for ‘no’ in the right-hand column).

According to Google no other products are affected by these vulnerabilities.

Microsoft – Windows 10 patch available, older versions to come

There is already a patch available for Windows 10 which will automatically be applied. 

For older operating systems a patch will be available next week. According to the company, Azure infrastructure is updated. 

Linux – Patch available

The system has a patch.  

Reports suggest it can slow down Linux-based systems by as much as 17 per cent. Users can opt out if they do not want it.

Amazon – Cloud services patched

The company says its web services have been updated.

Major cloud services aimed at business customers, including Amazon Web Services, Google Cloud Platform and Microsoft Azure, say they have already patched most of their services

Consumers should check with their device maker and operating system provider for security updates and install them as soon as possible.

With Safari and virtually all other popular browsers not patched, hundreds of millions of iPhone and iPad users may have no secure means of browsing the web until Apple issues its patch.

Apple stressed that there were no known instances of hackers taking advantage of the flaw to date.

In a written statement last week, Apple said: ‘All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.

‘Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.

‘We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.’

 





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here