You are here
Computer chip 'flaw' sparks security debate amid scramble for fix
[WASHINGTON] Technology giant Intel acknowledged a vulnerability Wednesday that could allow hackers to access stored data on most modern computer systems, but said the security risks were minimal.
The computer chipmaker issued a statement amid a flurry of concerns voiced after researchers discovered what was described as a "flaw" which could allow privately-stored data in computers and networks to be leaked.
Intel labeled as "incorrect" the reports describing a "bug" or "flaw" unique to its products.
"Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits," the Intel statement said.
"Intel believes these exploits do not have the potential to corrupt, modify or delete data." Intel said it was working with rivals AMD and ARM Holdings - which designs systems for mobile devices - and with the makers of computer operating software "to develop an industry-wide approach to resolve this issue promptly and constructively."
Intel chief executive Brian Krzanich told CNBC meanwhile that "basically all modern processers across all applications" use this process known as "access memory," which was exploited by Google researchers and kept confidential as companies work on remedies.
Jack Gold, an independent technology analyst, said he was briefed in a conference call with Intel, AMD and ARM on the issue and that the three companies suggested concerns were overblown.
"The story is not that there is a flaw in Intel chips," Mr Gold said.
The companies were working on remedies after "some researchers found a way to use existing architecture and get into protected areas of computer memory and read some of the data," Gold said, adding that this is a function of all modern computer architecture.
Earlier this week, some security researchers said any fix - which would need to be handled by software - could slow down computer systems, possibly by 30 per cent or more.
Intel's statement said these concerns too were exaggerated.
"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company statement said.
Earlier Wednesday, Tatu Ylonen, security researcher at SSH Communications Security, noted that the flaw, if exploited, could allow hackers to gain access to private data, including passwords, banking data and encrypted or classified information.
The patch "will be effective" but it will be critical to get all networks and cloud services upgraded, Mr Ylonen said.
"There are thousands of small cloud providers and all of them will need to upgrade," he said.
British security researcher Graham Cluley also expressed concern "that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer's memory which may be storing sensitive information. Think passwords, private keys, credit card data."
Mr Cluley said in a blog post that it was "good news" that the problem had been kept under wraps to allow operating systems such as those from Microsoft and Apple to make security updates before the flaw is maliciously exploited.
"The bad news is that no-one likes to make such low level security updates, particularly under such time-sensitive conditions," Mr Cluley said.
"Inevitably some businesses will find themselves disrupted by the process."