As we reported in an earlier post, hackers found a method for hacking into Intel processors giving them access to sensitive information like passwords and personal information. Called Spectre and Meltdown, these vulnerabilities were not reported for several months as Intel worked to verify and patch them.
The latest batch of eight vulnerabilities have been dubbed, “Spectre – New Generation,” or, “Spectre-NG.” These not only impact Intel CPUs but also a number of ARM processors and this time may impact AMD, Intel’s chief rival, as well.
While not officially acknowledged by Intel, a team of security researchers identified the problems and apparently disclosed the information to the German computer magazine, “Heise.” According to their report, four of the flaws are deemed “critical” and the other four are “medium” in terms of security impacts.
In an article by Hacker News, these vulnerabilities are related to issues and design characteristics that spawned the original Spectre threat but this time with a twist. Attackers using a virtual machine (VM) can easily attack the host system and other VMs running on the host machine. A recent practice in data storage is the use of VMs to create low cost redundancy in the form of virtual servers. Attacks here are serious indeed. As the article states,
"Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap," the report reads.
"However, the aforementioned Spectre-NG vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level. Cloud service providers such as Amazon or Cloudflare and, of course, their customers are particularly affected."
Researchers notified the chip makers of at least one flaw over 80 days ago putting the date for an “official” release to the media around May 7, 2018. This time, the researchers are taking a low profile and not letting their names out, possibly to avoid criticism like that CTS Labs received when it released partial details of an AMD vulnerability in a highly visible manner.
You need to be looking for notifications from your PC manufacturer regarding your system being involved in the latest round of vulnerabilities, so you can take advantage of the patches which will be provided. Intel reportedly is planning to release patches in two phases, one in May and another in August. Microsoft is also planning to provide patches to address the problem in an upcoming update.
In the meantime, follow safe computing guidelines while online. Keep all software patched, use a good anti-virus/malware program, and be careful what you click and where you visit. Or, you could simply dump digital and return to paper and pencil for your most important tasks. Try and hack that, bad guys!
When it comes to protecting your identity, privacy, and data in online and cellular communications, trust CRIP.TO. We are dedicated to providing the most secure form of communications currently available to non-governmental users; regular people, groups, companies, and organizations just like you.
CRIP.TO – giving you the freedom to communicate fearlessly!