Hackers Can Steal Sensitive Data From Virtually Any Computer

SANTA CLARA, CA — Cybersecurity experts found two major security flaws affecting microprocessors built by Intel and other chipmakers, and the tech giant said that hackers could exploit them to steal sensitive data. Security researchers with Google's Project Zero team on Wednesday said the flaw could expose passwords and other sensitive data from a system's memory.

"We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts," the team said in a blog post.

Programs usually can't read data from other programs, according to MeltdownAttack.com, a website dedicated to the findings. But a malicious program can exploit the two security problems to steal "secrets stored in the memory of other running programs," the site said. This includes passwords stored in a password manager or browser, personal photos, emails, instant messages and even sensitive business documents.

The New York Times reported that the two problems — dubbed Meltdown and Spectre — could allow hackers to steal the contents of a computer's memory. This includes smartphones, tablets, personal computers and servers that run on the cloud. Cybersecurity reporter Nicole Perlroth said on Twitter that the problem isn't isolated to Intel either, it's "an entire chipmaker design problem that affects virtually all processors on the market."

Researchers told the Times that fixing Spectre might mean redesigning the processors. A software patch might be needed to fix Meltdown, which could slow computers by nearly a third.

Intel said in a statement that it believes hackers can't "corrupt, modify or delete data." Reports that they were caused by a bug or flaw and are unique to Intel products are false, the company, based in Santa Clara, California, said.

"Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits," Intel said.

Intel said it is working to create an "industry-wide approach" to fix the issue in a timely manner and disputed reports that a fix would slow computers.

"Intel has begun providing software and firmware updates to mitigate these exploits," the company said. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

Intel added that it planned to disclose the issue next week when more software and firmware updates would be available, but that it had to issue a statement due to "current inaccurate media reports."

The company advised users to check with their operating system vendor or system manufacturer and update their computers as soon as updates become available. Intel also said following "good security practices that protect against malware" would also help protect against possible hacks while the updates are built.

Intel's stock fell 3.4 percent on Wednesday to close at $45.26.

1. Apparently I don't know how to thread, so here goes my second attempt at blasting you with critical news on this "Intel Chip problem" which is not an Intel problem but an entire chipmaker design problem that affects virtually all processors on the market.
— Nicole Perlroth (@nicoleperlroth) January 3, 2018

Intel Responds to Security Research Findings: https://t.co/unPxKKSpQM
— Intel Official News (@intelnews) January 3, 2018

The Associated Press contributed to this report.

Photo credit: Alexander Koerner/Getty Images