@ Risk

Be­ware of se­cu­rity flaws in In­tel, AMD, ARM chipsets

Gadgets and Gizmos (India) - - CONTENTS - BY NIDHI SINGAL

The re­cently dis­cov­ered se­cu­rity flaw in In­tel pro­ces­sors has put al­most mil­lions of computers at risk giv­ing hack­ers the lever­age to steal sen­si­tive in­for­ma­tion. It is be­ing re­ported that this se­cu­rity flaw went un­no­ticed for a decade. Soft­ware gi­ants are now work­ing on fix­ing the flaw, but this could po­ten­tially slow down de­vices by upto 30 per cent.

Ra­jpreet Kaur, Se­nior Re­search An­a­lyst, Gart­ner, ex­plains, “The bug re­lated to data leakage from priv­i­leged mem­ory will re­quire In­tel to fix it by mak­ing changes to their chips. This bug has two main im­pacts: the first be­ing ‘se­cu­rity im­pact’, as this flaw can be used by mal­ware to ex­ploit sen­si­tive data from the mem­ory; and the sec­ond ‘per­for­mance im­pact’ – al­though it is not very clear now, but in case this has a se­ri­ous im­pact on per­for­mance, it will im­pact ap­pli­ca­tions de­liv­ery.”

In­tel has is­sued a list of In­tel­based plat­forms im­pacted by this is­sue. This in­cludes In­tel Corei3 , Corei5, Corei7 pro­ces­sors (45nm and 32nm), In­tel Core M pro­ces­sor fam­ily (45nm and 32nm), 2nd Gen­er­a­tion, 3rd Gen­er­a­tion, 4th Gen­er­a­tion, 5th Gen­er­a­tion, 6th Gen­er­a­tion, 7th Gen­er­a­tion and 8th Gen­er­a­tion In­tel Core pro­ces­sors, and oth­ers.

Ac­cord­ing to a post on In­tel’s web­site, the com­pany claims to have “started pro­vid­ing soft­ware and firmware up­dates to mit­i­gate these

ex­ploits. End users and sys­tems administrators should check with their oper­at­ing sys­tem ven­dors and sys­tem man­u­fac­tur­ers, and ap­ply any up­dates as soon as they are avail­able”.

The com­pany fur­ther clar­i­fied: “On Jan­uary 3, 2018, a team of se­cu­rity re­searchers dis­closed sev­eral soft­ware anal­y­sis meth­ods that, when used for ma­li­cious pur­poses, have the po­ten­tial to im­prop­erly gather sen­si­tive data from many types of com­put­ing de­vices with many dif­fer­ent ven­dors’ pro­ces­sors and oper­at­ing sys­tems. In­tel is com­mit­ted to prod­uct and cus­tomer se­cu­rity and to re­spon­si­ble dis­clo­sure. We worked closely with many other tech­nol­ogy com­pa­nies, in­clud­ing Ad­vanced Mi­cro De­vices (AMD), ARM Hold­ings and sev­eral oper­at­ing sys­tem ven­dors, to de­velop an in­dus­try-wide ap­proach to mit­i­gate this is­sue promptly and con­struc­tively.”

Kaur fur­ther rec­om­mends that users us­ing pub­lic clouds must ask for an up­date from their plat­form providers on fix­ing the flaw. Make sure you are aware of any main­te­nance down­time which might be re­quired. End users are re­quired to ap­ply patches to fix this bug through their OS. Closely mon­i­tor and test the per­for­mance im­pact be­fore ap­ply­ing any changes to the ap­pli­ca­tions in­fra­struc­ture. Make sure to al­lo­cate suf­fi­cient mem­ory to re­duce the per­for­mance im­pact.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.