Security flaws in Intel, AMD, ARM chips: What you need to know

Intel chief executive officer Brian Krzanich said in an interview with CNBC on Wednesday (Jan 3) that "phones, PCs, everything are going to have some impact, but it'll vary from product to product".
Intel chief executive officer Brian Krzanich said in an interview with CNBC on Wednesday (Jan 3) that "phones, PCs, everything are going to have some impact, but it'll vary from product to product". PHOTO: REUTERS

Security researchers have discovered security flaws in chips from Intel, Advanced Micro Devices (AMD) and ARM Holdings that could allow hackers to steal sensitive information from millions of devices worldwide.

Intel chief executive Brian Krzanich said in an interview with CNBC on Wednesday (Jan 3) that "phones, PCs, everything are going to have some impact, but it'll vary from product to product".

Here is what you need to know about the security flaws:

What are the flaws?

The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade.

Researchers with Alphabet's Google Project Zero, together with academic and industry researchers, have uncovered two bugs known as Spectre and Meltdown.

Spectre is found in chips made by Intel, AMD and ARM, while Meltdown affects only Intel chips.

Tech publication The Register broke the news of the flaws, which it said are also likely to affect major cloud computing platforms such as Amazon, Microsoft Azure and Google.

When was the problem discovered?

Mr Krzanich said that Google researchers told Intel of the flaws "a while ago" and that Intel had been testing fixes that device makers who use its chips will push out next week.

Google on its blog said that Intel and the others planned to disclose the issues on Jan 9, but were forced to do so early after the problems became public.

What information is at risk?

Meltdown lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords.

 
 

Meanwhile, Spectre could allow hackers to potentially trick otherwise error-free applications into giving up secret information.

Graz University of Technology researcher Daniel Gruss, who discovered Meltdown, told Reuters that Meltdown is the more serious problem in the short term, but could be decisively stopped with software patches.

Spectre is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

What can I do to protect my devices?

The Cyber Security Agency of Singapore (SingCert) on Thursday (Jan 4) urged users to apply available security software fixes immediately.

Intel said in a statement that it has begun providing software and firmware updates to "mitigate these exploits".

BBC reported that the three major operating system makers - Microsoft, Apple and Linux - are all issuing updates, though Apple and Microsoft have not said precisely when.

Google said on its blog that all Android devices with the latest security update are protected and that its Google Apps/ G Suite, including Gmail, do not require users to take any action.

It will be releasing a fix for Chrome web browser users.

Will there be an impact on my computer?

The Register reported that the updates to fix the problems could cause Intel chips to operate slower by 5 per cent to 30 per cent.

However, Intel has denied this, saying that the impact on performance will not be significant for regular users.