The new "Chipgate" Security failure. What to do if you are one of the victims? -


Post Top Ad

Post Top Ad

Sunday, 7 January 2018

The new "Chipgate" Security failure. What to do if you are one of the victims?

The "Chipgate", technological scandal of the moment, has not only affected the manufacturers of processors and brands of computers, it also reaches smartphones and other devices do not use chips. It seems that we are all part of this new "Chipgate".

The "Chipgate" started with the Intel processors, but spread to other chips. Neither Apple nor Smartphones could escape.

What is the "Chipgate"?

We previously reported serious security flaws that affect all devices with processors manufactured by Intel, released in the last decade. One of these errors allows access to different parts of the kernel memory, to steal core information from the operating system. As many of the details of these failures were retained under embargo, we did not find out all the details so far, which exploits the "Chipgate".

The first news pointed only to Intel, but the latest claim that this failure is more widespread and extends to AMD and ARM. These are two faults that now have a name: the "Meltdown", which will be exclusive of the Intel processors, and the "Specter" that also reaches other chips.

What are the faults and what are the consequences? 

Meltdown and Specter, have the same base that is to exploit critical vulnerabilities in the processors. However, Meltdown allows you to bypass the limitations of memory access to the CPU core, while Specter causes applications to reveal inaccessible information, by making the software think that you are sharing that information in a secure environment.

Is my smartphone at risk?

Almost all systems are affected by Specter: desktops, laptops, cloud servers and Smartphones. All modern processors capable of maintaining many open instructions are potentially vulnerable. Apple has confirmed that their computers and smartphones are also part of the affected devices.
The security flaws are present in all the chips produced since 1995 by the manufacturers in question, affecting all the teams that make them up. They have known each other since July 2017, but it is only now that they are made public.

What can I do to protect myself? 

What is available to the user is to install the security updates of the operating systems, as well as the programs that will be available for that purpose, only from official sources. Note that there is news that ensures that these updates will affect the performance of the chips in question and, consequently, the speed of processing of the equipment that these chips have installed, there are those who talk about 30%, but Apple says it will be around 2, 5%, a problem that will be resolved later, guarantees Intel.

In the coming weeks, it is expected that Intel, AMD, ARM, Qualcomm and other manufacturers will offer firmware updates for their chips, capable of eliminating the problem permanently.

Companies like Microsoft, Amazon, Apple, Google, Firefox among others, have already released partial or final software updates to mitigate the Meltdown bug, but the Specter seems to be more difficult to solve, according to experts.

Apple released mitigations in iOS 11.2, macOS 10.13.2 and tvOS 11.2 to defend against Meltdown. Since Apple Watch does not use Intel chips, it is not affected.

Linux has a set of patches called "page table isolation (KPTI) of the Linux kernel" released in kernel 4.15, currently in RC.

Google Android says that devices with the latest security update are protected.

Cloud services or virtualized environments are the main potential targets for those who seek to exploit the vulnerability. Microsoft Azure, Amazon AWS and Google Cloud Platform are implementing corrections and say they have already mitigated part of the risk. A scheduled downtime of several cloud services is expected in the coming days.

Intel is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to solve this problem quickly. Intel has begun to provide software and firmware updates to mitigate these attacks. It ensures that any impact on performance depends on the workload, and for the average computer user, it is not significant and will be mitigated over time.

AMD believes that there is an almost zero risk for AMD processors at this time. We hope that the security investigation will be published later and that it will provide new updates at that time.

ARM says that "our Cortex-M processors, which are compatible with low-power connected IoT devices, are not affected," but we are working with Intel and AMD to address a lateral channel analysis method to resolve the failure in our processors. Cortex-A ".

No comments:

Post a Comment

Post Top Ad