A new security flaw has been discovered in Intel’s widely used processors, allowing attackers to gain sensitive data such as passwords.
The vulnerability in the chip architecture is similar to Spectre and Meltdown, discovered two years ago, IT researcher Bogdan Botezatu from the security software company Bitdefender says.
Yet this time, the measures used against Spectre and Meltdown are ineffective against this new security flaw.
Meanwhile, researchers at the University of Leuven, Belgium, have reported that in April last year they had already alerted Intel to a weakness in special security elements of their processors.
An unusually long period of silence was then agreed on so that the chip company could produce countermeasures.
So what can you as a user do? To stay on the safe side, you can make sure your processor is running with the recommended software updates, the experts emphasise. And yet you can also expect that these updates may lead to the processor running much slower.
It can be assumed that in future processor generations the gap will already be fixed at a hardware level. Intel stressed that several conditions must be met for a successful attack, which makes it more difficult to implement.
In the new security flaw, which was given the name LVI (for Load Value Injection), the processors are vulnerable to attacks with certain datasets, Bitdefender explains, saying the exploit allow attackers to take control of parts of the chip to read out information.
The flaw is a particularly dangerous one for datacentres because this is where data from a wide variety of users can flow through just one processor.
Another problem is that the attack leaves no trace.
According to Bitdefender’s findings, processors from Intel’s rival AMD are not affected by this vulnerability, because they are structured slightly differently, Botezatu said.
The vulnerabilities were caused by the fact that the developers of the processors are trying to increase the performance of the chips with multi-core architectures and other technological tricks. – dpa