chip flaws – WindowsTechs.com

Flaws in Qualcomm chips could allow snooping, Check Point finds

Posted on August 7, 2020 by Shannon Vavra

Software flaws in millions of smartphones used throughout the world could give hackers a gateway into users’ personal data. More than 400 vulnerabilities in chips used in approximately 40% of the world’s cellphones and devices could allow hackers to spy on users’ GPS location and microphones in real-time, according to new Check Point research. The vulnerable units, Digital Signal Processor units or DSP chips made by Qualcomm Technologies, specifically Qualcomm Snapdragon DSP chips, impact popular cellphones and devices from Samsung, LG, Xiaomi, and Google are vulnerable, according to researchers. DSP chips, made up of software and hardware, are designed to enhance charging, audio features, and multimedia activities. But these flaws are a reminder that as ubiquitous as chips are in popular devices, vulnerabilities abound. The Spectre and Meltdown vulnerabilities, discovered by Google’s Project Zero two years ago, affected nearly every modern computer chip, for instance. In a statement shared with CyberScoop, Qualcomm said it has seen […]

The post Flaws in Qualcomm chips could allow snooping, Check Point finds appeared first on CyberScoop.

Continue reading Flaws in Qualcomm chips could allow snooping, Check Point finds→

Time To Stop: More Intel Tomfoolery Discovered

Posted on November 9, 2018 by Marc Handelman

Another chip-based flaw has now reared it’s miniscule silicon noggin over Intel-way. Pro Tip: It would be wise to perform adequate security testing on these products before unleashing them on the world, just sayin’… Maybe a bit of security orchestra… Continue reading Time To Stop: More Intel Tomfoolery Discovered→

Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Posted on July 11, 2018 by Sean Lyngaas

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.

Continue reading Senators question vulnerability disclosure process after Spectre and Meltdown stumbles→

Tech giants reveal new variant of Meltdown and Spectre vulns

Posted on May 21, 2018 by Sean Lyngaas

Intel and Microsoft have revealed a new variant of the Meltdown and Spectre chip vulnerabilities that have plagued their products in recent months. The new vulnerability, dubbed “Variant 4,” can be exploited through JavaScript in a web browser to steal data. Like the Meltdown and Spectre vulnerabilities, “Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” Leslie Culbertson, an executive vice president at Intel, wrote in a blog post. Intel isn’t aware of any exploits of Variant 4 in the wild, Culbertson said, crediting the company’s expanded bug bounty program for boosting security. In a security advisory published Monday, Microsoft said that is wasn’t “aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.” The Spectre (Variants 1 and 2) and Meltdown […]

The post Tech giants reveal new variant of Meltdown and Spectre vulns appeared first on Cyberscoop.

Continue reading Tech giants reveal new variant of Meltdown and Spectre vulns→

DARPA is looking to avoid another version of Meltdown or Spectre

Posted on April 4, 2018 by Sean Lyngaas

The Defense Advanced Research Projects Agency has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips before they are deployed, the firm announced. The goal of the contract, awarded by the Pentagon’s R&D arm, is to prevent a repeat of Meltdown and Spectre, the security vulnerabilities revealed in January that affected virtually all modern computer chips. The contract is part of a DARPA hardware and firmware program that strives to make chips more secure at the “microarchitecture level.” DARPA says the program, which is tackling seven classes of hardware vulnerabilities, supports security methods that limit “hardware to states that are assured to be secure while maintaining the performance and power required for system operation.” Tortuga Logic says it can verify hardware security throughout the design process, arguing in a recent white paper that such verification is much more common in […]

The post DARPA is looking to avoid another version of Meltdown or Spectre appeared first on Cyberscoop.

Continue reading DARPA is looking to avoid another version of Meltdown or Spectre→

Microsoft’s Meltdown patches introduced a whole new vulnerability

Posted on March 28, 2018 by Sean Lyngaas

Microsoft’s early patches for the Meltdown chip flaw have introduced an even more serious vulnerability in Windows 7 that allows attackers to read kernel memory much faster and to write their own memory, according to an independent security researcher. The discovery is the latest twist in a monthslong saga around Meltdown and Spectre, which together have affected virtually all modern computer chips. The researcher, Ulf Frisk, discovered that the Microsoft-issued Windows 7 patches could allow an attacker to access every user-level computing process running on a machine. Normally, the hierarchy of Microsoft’s memory management would keep a number of operations secured on the kernel level. An attacker would need a foothold into a computing system in order to exploit the vulnerability. But once that foothold is established, “no fancy exploits” are needed, Frisk said. “Windows 7 already did the hard work of mapping in the required memory into every running […]

The post Microsoft’s Meltdown patches introduced a whole new vulnerability appeared first on Cyberscoop.

Continue reading Microsoft’s Meltdown patches introduced a whole new vulnerability→

Meet ‘Meltdown’ and ‘Spectre,’ the chip flaws causing problems for nearly everyone

Posted on January 3, 2018 by Patrick Howell O'Neill

Critical bugs in all modern processor chips that allow attackers to potentially steal sensitive data were publicly revealed Wednesday after months of private security industry work and days of public speculation. Named “Meltdown” and “Spectre,” the vulnerabilities could allow attackers to find passwords or sensitive documents stored in memory. The exploits work on personal computers, mobile devices and on cloud infrastructure that relies on hardware dating back to 1995. For most people, the solution is to install security updates for their operating system quickly and regularly. It’s not clear if the exploits have been used in the wild, because neither leave any traces in log files. One of the researchers to independently discover these flaws was Google Project Zero’s Jann Horn. Horn “demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible,” Google’s security team explained in a blog post. “For example, an unauthorized party […]

The post Meet ‘Meltdown’ and ‘Spectre,’ the chip flaws causing problems for nearly everyone appeared first on Cyberscoop.

Continue reading Meet ‘Meltdown’ and ‘Spectre,’ the chip flaws causing problems for nearly everyone→