Flawed computer chips and how to fix them
PARIS: As tech giants race against the clock to fix major security flaws in microprocessors, many users are wondering what lurks behind unsettling names like ‘Spectre’ or ‘Meltdown’ and what can be done about this latest IT scare.
Meltdown and Spectre are the names given to two flaws which have been detected in most of the micro processors in use today, be it on computers, tablets, smartphones or game consoles.
They are among the first flaws ever found to affect the running of every IT system in the world.
Meltdown appears for now to affect mostly chips built by US giant Intel, according to sector specialists Kaspersky Labs and Symantec.
The flaw could allow attackers to break down the barrier between user apps and the heart of the operating system, according to Kaspersky Labs, “enabling them to potentially steal data from the memory of running apps”.
Anybody exploiting the flaw would get access to a complete cartography of all the files present in the device’s memory at the time of the attack, by hijacking a process that was originally designed to optimize processor performance.
The Spectre threat is potentially even bigger because it concerns all chip makers: AMD and AMR as well as Intel.
A microprocessor is the central element of computers, smartphones and other digital devices, allowing them to function by carrying out instructions and handling programme data.
A processor is made up of a number of transistors.
The more transistors there are, the higher the chip’s capacity to handle data.
These chips are called microprocessors because processor sizes have come down significantly to integrate them into small devices.
Processor power is measured in bits, a gauge of how many pieces of information a processor can handle at any one time.
Potentially they are enormous dangers.
Hackers who know what they’re doing could, for example, use Meltdown to gain access to all information stored on a remote server, or cloud, so long as they rent space on the same server.
The stakes are highest for the protection of sensitive data such as passwords, pictures, personal documents and e-mails.
Cloud storage sites represent a particularly grave risk because once such a server is vulnerable, so are all data hosted there.
This is why Microsoft, Amazon or OVH have been scrambling to install updates to restore data protection on their servers. — AFP