CPU chips are the brains of our computers. They handle all the complex processes and actions that unfold behind our screens, so when a chip goes bad, it can spell disaster. That’s why security flaws in CPU chips are of the utmost concern for programmers and researchers alike.
When cybersecurity researchers discover a dangerous flaw in a critical system like a CPU, it’s their duty to report it to manufacturers. It’s then the manufacturer’s job to fix the issue before hackers can exploit it. But what happens when their warnings are ignored? The result is a less safe digital ecosystem for everyone.
A year ago, a team of cybersecurity researchers discovered a dangerous vulnerability in chips made by Intel — one of the world’s biggest CPU manufacturers. The odd part? Intel still hasn’t done anything about it. Here’s what they found, and why Intel’s lack of response makes everyone less safe.
New security flaw falls on deaf ears
According to new reports from Wired, a team of researchers from Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Center for Information Security and the Graz University of Technology in Austria, has revealed a new security flaw found in chips made by Intel.
This flaw is similar to Zombieload (also known as Zombieland), a flaw that lets hackers access private data stored in the chip for faster processing.
Unlike with previous flaws like Spectre and Meltdown (also discovered by several of the same researchers), the company did nothing when this flaw was discovered and reported to it. Instead, Intel sat on the research for a year with no activity — which prompted the research team to reveal their findings to the public.
To exploit the flaw, all a hacker needs to do is aggressively attack the temporary memory of the chip. Once they’ve compromised the chip, they can start leaking and harvesting its data. It’s currently unknown why Intel did nothing with the findings, but to its credit, Intel has admitted it’s currently working on a fix.
The Intel chip fix will be distributed as a patch for users to download at a later date. We’ll be updating this story as soon as we learn more about Intel’s official patch.
Why hasn’t Intel done anything? Why didn’t the researchers speak up sooner?
To understand the logic behind Intel’s decision, you need to understand the dangers of spelling out security flaws. Concerned citizens aren’t the only people reading cybersecurity news on the regular — hackers like to stay informed as well.
Give too much information about a vulnerability, and you end up providing ammunition to the very people you’re trying to stop. Give too little, and you have a situation like what we’re seeing today.
Intel claims it acted the way it did (which is to say, not at all) because no evidence was found that the glitch had been exploited in the wild. While this is a relief to hear, it doesn’t bode well for the state of Intel’s security. Just because a bridge with a structural weakness hasn’t collapsed doesn’t mean it’s safe to walk over.
To make matters worse, Intel reportedly advised the researchers to stay quiet about their findings this past year to prevent hackers from learning how to exploit the flaw. Shouldn’t there be an honest way to do this?
Regardless of where you stand on Intel’s decision, it’s important to remember this company provides more computer chips than any other on earth. It’s very likely the computer you’re reading this article on has an Intel chip. If that many products are affected, it’s a sobering reminder of just how dangerous product-wide vulnerabilities can be.
As always, to keep yourself safe online, make sure you’re sticking to familiar websites and platforms. Avoid downloading anything from unknown sources and tread cautiously when opening emails from unknown senders.
Don’t download any attachments from emails either, unless you’re 100% certain about the file in question. Otherwise, you may be dealing with a “zombified” computer of your very own — and nobody wants that.