Tech giants scramble to fend off chip security flaws

Tech giants scramble to fend off chip security flaws
By Natalie Huet with Reuters
Share this articleComments
Share this articleClose Button
Copy/paste the article video embed link below:Copy to clipboardCopied

Hundreds of millions of iPhone and iPad users could be at risk of hacking until Apple releases a patch to its Safari web browser that protects them from "Spectre", one of the two major vulnerabilities discovered this week.

ADVERTISEMENT

After discovering two major flaws in computer chips that could leave nearly all desktops and mobile devices vulnerable to hacking, tech giants including Apple have rushed to patch their technology.

But while updates should protect most users against one of the vulnerabilities, dubbed Meltdown, the second one, Spectre, is proving trickier to tackle.

Daniel Gruss, the 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University who discovered Meltdown, said it could be compared to "a pickpocket".

"You can easily learn the tricks of a pickpocket and, as compared to that, the Spectre attack is more like a Jedi mind trick, and you convince someone else to just hand them over their purse," Gruss told Reuters in an interview.

"The Spectre attack manipulates the computer into a state where it believes it should do something that it should not do. So, it's a sort of different angle of the attack here, and therefore it's much harder to exploit but, also, much harder to prevent."

Governments and security experts say they have seen no cyberattacks seeking to exploit either vulnerability so far, but they expect attempts to come as hackers digest technical data about the flaws.** **

What measures have companies taken so far?

Major companies including Apple, Google, Microsoft and Amazon.com have quickly patched their technology to mitigate against the threat from Meltdown, which only affects machines running Intel chips.

They said they had seen no significant impact on computers' performance after installing the patches.

However Intel, the world’s No. 1 chipmaker, is already facing several lawsuits seeking compensation over the vulnerabilities and the updates needed to patch them, which have raised fears devices will be slowed down and effectively force consumers to buy new hardware.

"Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time," the company said in a statement.

Who could be at risk?

Major software makers have *not *issued patches to protect against Spectre, which affects nearly all computer chips made in the last decade. However, Google, Firefox and Microsoft have implemented measures in most web browsers to stop hackers from launching remote attacks using Spectre.

Apple said all Mac systems, iPhones and iPads were affected – with only the Apple Watch spared - but there were no known exploits impacting customers so far.

It said it planned to release a patch to its Safari web browser within coming days to protect Mac and iOS users from Spectre.

Until then, hundreds of millions of iPhone and iPad users will be exposed to potential Spectre attacks while browsing the Web.

Apple is therefore advising its customers to only download software from trusted sources such as the App Store.

Share this articleComments

You might also like

What you need to know about the Meltdown, Spectre computer bugs

Dutch school phone ban to come into force next month

Spotify: Record jump in active users in second-quarter