The security team at tech giant Google on Wednesday said they have discovered serious flaws in the computer processors built by Intel and other chipmakers.
The company said that researchers discovered this vulnerability in 2017, and were waiting for a coordinated release of this information on January 9. However, they decided to make it public as the news leaked.
“Last year, Google’s Project Zero team discovered serious security flaws caused by speculative execution, a technique used by most modern processors to optimise performance,” the company said in a statement. “These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.”
Speculative execution allows a chip to perform a task before it is assigned to do it. This helps it speed things up. However, it is vulnerable to hackers, who can access critical information stored in the chip’s memory, including encryption keys and passwords, TechCrunch reported.
A team of researchers at Project Zero, and universities including the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and security companies such as Cyberus and Rambus also released the full details of two attacks based on the flaw, which they called Meltdown and Spectre.
“These hardware bugs allow programs to steal data which [is] currently processed on the computer,” the researchers said. “While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.”
Though constructed on the same general principle, Meltdown can make malicious programmes access higher-privileged parts of a computer’s memory and steal data, Wired reported. Spectre steals data from the memory of other applications running in a computer.
“With these glitches, if there is any way an attacker can execute code on a machine, it cannot be contained anymore,” Ben Gras, a security researcher at the Vrije Universiteit in Amsterdam, told the Wired.