Are we all at risk?

 

Most of us use computers which house Intel and AMD processors, and then you have the Windows or Linux or macOS operating systems running on them. While the AMD processor running systems are supposedly fine, those running on Intel chips will need to gear themselves for some bad news: A security flaw discovered in the Intel chips that were made after 1995, requires an OS level update, which is expected to bring down the processor performance by 5 to 30 percent.

   

There is a lot of news floating about this security flaw, which was discovered by The Register, but in case you are still confused about what the fuss is all about, let us try and address the issue for you.

Here is everything you need to know about the Intel chipset security flaw.

So what is this Intel security flaw?

Intel chips that were made post-1995 have been discovered to have a security flaw or bug. According to this, there is a bug at the kernel level which has been found to be leaking memory. This could let hackers access or read your sensitive data such as passwords, login keys and more from the chip itself. In the extreme cases, hackers could also insert malware into your PCs via this opening. This vulnerability isn't just limited to individual PCs, but could also affect servers in data centres that run cloud computing services. Think Amazon Web Services!

Which systems are affected? How do I find out if my system is also affected?

Any system with an Intel chip is affected by the flaw. The speculation is that this bug is affecting all Intel x86 processors irrespective of the OS running on the system. There is no way to know it, as there are no traces left in traditional log files. Desktops, laptops and even cloud computers running on Intel chips have been affected. Since it is an x86 chip issue, systems running Linux, Windows, as well as macOS, have been affected. The Python Sweetness blog notes that the attack could impact common virtualisation environments such as Amazon's EC2 and Google Compute Engine.

What's Meltdown and Spectre?

Meltdown is the name given to the vulnerability which affects Intel chips whereas Spectre is the name been given to vulnerabilities in other chip vendors and affects all chips, including ARM, Intel and AMD. Meltdown is an exploit that breaks the secure separation layer between user applications and the operating system. Memory spaces between applications are segregated and protected to prevent accidental interference with each other's data. Meltdown lets malicious software break this protection. This attack lets a program access the memory and the operating system. Systems with vulnerable processors and those running an unpatched OS, need to beware and not work with sensitive information. It was discovered by Jann Horn (Google Zero Project), Werner Haas and Thomas Prescher (Cyberus Technology) and Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology). Here are the patches to fix the Meltdown exploit.

Spectre, on the other hand, breaks the isolation between different applications, which will let hackers into tricking programs to leak their secrets. This affects not just PCs, but also mobile phones, embedded devices and other devices housing a chip. Spectre was reported by Jann Horn (Google Project Zero) and Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).

How will it affect me?

The bug lets hackers get access to the kernel memory. Now as we read above, everything passes through the kernel when it comes to the operating system. So the kernel memory could house some private data which is accessible to hackers.

Will everything be back to normal after the patch addresses the bug?

Well yes, but there's a catch. The OS level fix is expected to prevent kernel memory from leaking, so that's a good thing. But this will come at the cost of your system performance coming down in the range of 5 to 30 percent, according to The Register. User PCs having Intel 4th gen processors will not suffer as much as those sporting older processors. Virtualisation applications and data centre or cloud workloads are expected to be affected more. Intel says that the performance hit depends on the workload and won't be much for average home PC users. Amazon Web Services has warned customers in an email to expect a major security update to come on Friday.

What about AMD processors?

AMD has released a statement saying that machines sporting AMD processors are not affected by this bug. "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault," said AMD.

In such a scenario, AMD processor housing systems should not be affected. But if the OS vendor does not make exceptions for the change in OS level code from affecting AMD systems, then there could be some performance hit. As of now, this is in the realm of speculation.

Stay tuned for upcoming Updates.Regards,Dave.

Let me know what you think about these carelessness of the Giants in the comments section below and share this piece with everyone to stay informed! Follow,Upvote and ReSteem .