‘Billions’ of Intel computers potentially affect by huge security vulnerability

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A major security vulnerability had the potential to hit “billions” of computers, according to the Google researchers who discovered it.

The security flaw, dubbed “Downfall”, attacked Intel processors in a way that would allow hackers to steal passwords, encryption keys and private data from users. That’s according to Daniel Moghimi, the senior research scientist at Google who found the problem and disclosed it this week.

He alerted Intel about the issue with its chips, and the company has since sent out an update to fix it. But the issue could have affected “billions of personal and cloud computers”, Google said.

“Had these vulnerabilities not been discovered by Google researchers, and instead by adversaries, they would have enabled attackers to compromise Internet users,” the researchers wrote in a blog post.

The attack worked by breaking through the boundary that is intended to keep software safe from attacks on the hardware. In doing so, attackers would have been able to find data that belongs to other users on the system, the attackers said.

It did so by exploiting technologies that are intended to speed up various processes on the chip. Attackers were able to exploit those tools to steal sensitive information that should have stayed available only to its owner, when they were signed in.

The nature of the attack means that hackers would need to be on the same physical processor as the person they are attacking. But that would be possible using malware, or the shared computing model that powers cloud computing, for instance.

Intel said that the problem does not affect recent versions of its chips, and that the fix does not cause major problems. But it did suggest that users could disable the fix, if they thought the risk was not worth the slight drawbacks in performance.

The company also told Bleeping Computer that “trying to exploit this outside of a controlled lab environment would be a complex undertaking”.