Intel disclosed on Tuesday that it was still struggling to close a potentially damaging loophole that could allow hackers to steal data being processed by many of the world’s PCs and servers, almost two years after the issue first came to public attention.
The chipmaker announced fixes in May that it said would repair the most recent problems stemming from the loophole, which were brought to its attention by security researchers in Europe.
It has now revealed, however, that the earlier repair did not stop all the ways attackers could take advantage of the vulnerability, forcing it to take further action this week. Intel also admitted that even this would not completely solve the problem, and more remedial work needed to be done.
The persistent flaws in Intel’s chip architecture first came to light with the Spectre and Meltdown vulnerabilities in early 2018. Intel’s dominant position in PC and server chips forced a rare, industry-wide effort to tackle the problem. Many of the world’s biggest tech companies issued “patches” for their own software to make up for the flaw in the widely-used computer hardware.
The class of problems that first came to light with Spectre and Meltdown involved so-called speculative execution vulnerabilities. These spring from a technique designed to speed up computers, with chips trying to anticipate some of the tasks they will need to perform next and processing data before a specific instruction is issued. When these speculative computing tasks turn out to have been unnecessary, some of the information is exposed to attack.
In a technical release on Tuesday, Intel disclosed it had taken steps to repair a new vulnerability that it said was “closely related” to the problems it had solved in May.
However, VUSec, the security group at Vrije Universiteit in Amsterdam that had been among to researchers to expose the problems, said on Twitter that the flaw was a “variant we reported in September 2018”. Intel also credited KU Leuven in Belgium, Helmholtz Center for Information Security in Germany and Graz University of Technology in Austria for highlighting ways to take advantage of the vulnerability.
It added that, “shortly before” its latest disclosure, “we confirmed the possibility that some amount of data could still be inferred” by attackers using the same techniques, forcing it to promise further updates.
Intel has always maintained that the risk of a computer user’s data being leaked through speculative execution attacks is only a “medium” or “low” risk, and that there have been no reports of any attackers taking advantage of the loophole.
The post Intel struggles to close potentially damaging chip flaws appeared first on Financial Times.