The computer chip debacle: Businesses are scrambling , II Critical computer flaws set up security challenge in Washington , II Experts say software patches may remedy Meltdown flaw

.

© Getty Images

Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide.

The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

The Department of Homeland Security issued guidance on the matter late Wednesday, noting that while operating system updates could help mitigate the issues, the only true solution would be to replace computer processing units' hardware.

This means that mitigating the flaws will likely cost federal, state and local governments a significant amount of time, money and effort. 

The cyber-flaws, which were originally believed to only be in Intel chips, affect an array of chip vendors including, AMD, Google, Microsoft and Apple, and impacts millions of modern computing systems developed over the last decade.

“These processors are used in most government systems around the globe and are likely vulnerable,” said Tony Cole, vice president and global government chief technology officer at FireEye.

The discovery, which came from months of work by computer researchers, has sent programmers at major companies scrambling to issue patches to prevent possible hacks. 

The researchers had planned to go public with the details later in January after notifying affected companies, but some details about the flaws leaked to the media on Tuesday.

Now that the vulnerabilities have been made public, the clock is ticking for organizations to take steps to guard their systems.

“The vulnerabilities and sample exploit code are now in the wild, so we should expect that criminals and nation-state actors are using them,” said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon.

The revelations have caused a stir on Capitol Hill.

Sen. Mark Warner (D-Va.) the top Democrat on the Senate Intelligence Committee, said the flaws are just the latest example of a string of exploitable digital vulnerabilities. 

“Once again highlight the impact of vulnerabilities in widely-adopted components and protocols, and illustrates the importance of adopting basic hygiene requirements for the rapidly proliferating Internet of Things (IoT)," Warner said.

Other offices, including Rep. Will Hurd’s (R-Texas), say that they’re also looking into the matter.

The two vulnerabilities, dubbed "Meltdown" and "Spectre," are flaws in hardware that cybersecurity experts say could be used by hackers to steal sensitive information in a computer's memory, such as passwords and encryption keys.

“Meltdown” can be mitigated by software patches. Microsoft and Google have already issued emergency patches for their systems, though experts say the patches could degrade the performance of devices by 20 to 30 percent when applied.

Flaws have been discovered in chips made by Intel, AMD and Arm, and used in almost all computers, servers and smartphones © AP Share on Twitter (opens new window) Share on Facebook (opens new window) Share on LinkedIn (opens new window) Save Save to myFT Richard Waters and Hannah Kuchler in San Francisco YESTERDAY 43 A US government-sponsored cyber security team has stepped back from its drastic warning about the impact of a computer security problem that affects nearly all computers and smartphones. The group at Carnegie Mellon University, which is backed by the Department of Homeland Security, advised computer users to apply software “patches”, or repairs, as a solution to the problem. It said these would “mitigate” the risk of attacks, though it did not say whether it believed they would fully resolve the issue. The cyber security group, known as CERT, had earlier warned companies that the only way to fully protect themselves was to replace their computer systems. That unusual warning had appeared to present companies with a choice of embarking on an expensive IT overhaul or risking an attack, once hackers learnt how to take advantage of two vulnerabilities made possible by the flaw, dubbed Meltdown and Spectre. CERT had told computer users to replace the main processors in their computer systems, saying: “Fully removing the vulnerability requires replacing vulnerable CPU hardware.” By Thursday afternoon, however, the group had changed its position.

The computer chip debacle: Businesses are scrambling , II Critical computer flaws set up security challenge in Washington , II Experts say software patches may remedy Meltdown flaw 

Computer security‬‬ , computer chip debacle,Critical computer flaws,CPU hardware