Security researchers have discovered that PCs with Intel chips dating back to 2011 are under serious threat to information hacking, which includes your passwords, secret keys and account tokens, and private messages. If all hell breaks loose, those are information that could potentially threaten society as a whole since it involves manufacturers like Apple, Amazon, Google, Microsoft, and Mozilla. Basically, all popular PC models.
The flaw was discovered by researchers from the Graz University of Technology, which they disclosed to Intel–the company who produces the processor chips that are making your PC vulnerable to hacking attacks. In reaction, Intel has issued a code to patch the current dilemma but still needs individual manufacturers to release and implement the patches to be installed by users.
The said vulnerability is called ZombieLoad, which is very similar to the infamous Meltdown and Spectre. All three are related where processors leaked sensitive information by exploiting the security hole of the processor’s speculative execution function.
Speculative execution is an integral function in modern processors because it is able to maintain up to par performance or keeps your PC running smoothly and efficiently. Basically, speculative executions make preemptive decisions that determine an application or operating software’s needs in future situations. The processor will then execute those predictions once the situation arises, or will discard them if not.
Moreover, during the speculative execution process, it takes in data or what they call a ‘zombie load.’ These are information that it usually cannot understand or properly process, which it redirects to the processor’s microcode in order to avoid a crash. But there’s a bug in the system where it enables people to access the information currently loaded into the processor’s core.
Usually, apps can only see their data internally but by loading them together in the microcode they’re conveniently placed in one box, which hackers can exploit through the bug that bleeds the information across app borders. In simple terms, it gives hackers a live streamline of your actions within your own PC where they can also use o get to your passwords and private messages, to name a few.
Practically, it’s a side-channel attack where hackers don’t need to inject malicious malware into your PC to gain access to your personal information. They only need to exploit the security flaw currently present in the chip, which makes the threat a very serious issue.
Fortunately, researchers are calling the threat in its infancy stage. They were able to catch the bug before hackers could potentially cause a major threat. In addition, like Meltdown and Spectre, hackers would need a specific set of skills in order to successfully access your information through the bug in Intel’s speculative execution function.
As of date, there hasn’t been a major or wide-spread report regarding exploiting the vulnerability mentioned. Mainly due to the fact that hackers would need to run it on a machine. But as Daniel Gruss, one of the researchers said that attack is still possible if an exploit code was sent to a device via an app download.
There’s no reason to panic but the threat is still serious in every sense. It is hard to accomplish but is still very possible so we are recommending to download the latest updates with the patches to protect you and your PC from possible threats.
Also, the security research on the speculative execution function in processors is on its early stages but continues to prove are prone to hacker threats. We can only learn more as research on it extends.
Meanwhile, Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips are also affected, as well as all Atom and Knights processors.
Big tech companies are also starting to roll out their own set of security patches today as their own line of defense against the threat.
You may also expect a slight decrease in performance speed with the incoming patches but they shouldn’t be much of a bother. As TechCrunch reports, the Intel microcode update would impact processor performance similar to previous patches. Expect performance to have a 3% hit at worst and up to 9% in the data center environment.