A member of Google’s Project Zero Security Team discovered a flaw that affects computer processors built by Intel and other chipmakers. The initial discovery came a week before Intel planned to release information about the flaw, but not before Intel informed Chinese tech companies like Lenovo and Alibaba.
Google’s Project Zero team has concerns about the flaw allowing passwords and other sensitive data being gathered from system memory. Both Intel and Google were planning on releasing information about the flaw after fixes were made available. Intel was forced to disclose early when British technology site ‘The Register’ reported it.
Intel’s decision to disclose to Chinese tech companies before the U.S. Government raises concerns from cybersecurity experts. It could have allowed information about the chip flaws, dubbed Spectre and Meltdown, to be obtained by the Chinese government before public release.
Spectre and Meltdown Affect Billions of Devices
These bugs potentially subject individuals and businesses to hackers. There’s been no report yet of the bugs causing a breach, but hackers are scrambling to create and release exploits while companies are in a mad dash to update their software and devices.
Fixing the problems will slow computer performance, especially on devices older than five years. So this problem could be a potentially massive undertaking for companies without the budget for new hardware. These bugs also affect companies that deal with more network traffic and processing power, like cloud providers, retailers and healthcare systems.
Big players (Microsoft, Amazon, Apple and Google) are rolling out fixes quickly, but there have already been snags. Some Microsoft Azure customers reported their machines failed come back online after installing updates.
Some patches aren’t automatic because they can cause programs to crash, so businesses will be on the hook to make sure anti-virus and other security tools are compatible with the update, said Dmitri Alperovitch, co-founder and CTO of Crowdstrike.
How Should Companies Protect Themselves?
The biggest concern with Spectre and Meltdown is that breaches will happen quietly. Problems may not be immediately apparent the way they are with ransomware. If systems are performing, companies might not bother updating their hardware and software.
Updating computer systems is already time-consuming and expensive for businesses, but it is essential. It’s only a matter of time before hackers start exploiting these bugs on vulnerable systems.