Researcher: Intel fixed two critical flaws in its chips

Flaws in Intel CPUs allowing launch of remote attack against a computer fixed, but other bugs remain.

A Russian researcher who plans to demonstrate this fall how he could take advantage of flaws in Intel's chips, said the chipmaker has told him it has fixed two critical bugs.

Kris Kaspersky, an IT consultant and the author of Hacker Disassembling Uncovered and Data Recovery: Tips and Solutions, is booked to make the demo at the Hack In The Box Security Conference in October in Kuala Lumpur, Malaysia. Kaspersky said he can use the flaws in Intel CPUs to launch a remote attack against a computer -- regardless of what software platform it runs.

On Friday, Kaspersky told Computerworld that he has been communicating with Intel about the flaws for nearly a month and the company has told him that it fixed the two critical flaws he brought to Intel's attention. Both of the flaws -- one in the cache controller and one in the Arithmetic logic unit -- could be used by a remote attacker to execute arbitrary code, according to Kaspersky.

He said about a dozen other non-critical bugs that are not remotely executable remain. According to Kaspersky, Intel does not plans to fix them.

Intel did not immediately respond to questions about the existence of the flaws or whether they have been fixed.

In an interview last month, George Alfs, a spokesman for Intel, said, "We have evaluation teams always looking at issues. We'll certainly take a look at this one.... All chips have errata, and there could be an issue that needs to be checked. Possibly. We'd have to investigate his paper."

In a summary of his presentation, Kaspersky charged that such CPU bugs actually have damaged computer hard drives without users' knowledge.

He said he was initially planning to show proof-of-concept (POC) code and demonstrate how to use JavaScript code or TCP/IP packet storms against Intel-based machines. But Kaspersky, who does not work for Kaspersky Labs, said today that various people in the industry have asked him to not give out critical parts of the POC code, so he has agreed not to do so, He will, though, still offer up technical details.

"I think if people [are] aware about bugs, they [will] force Intel to fix them," said Kaspersky. "I was asked [to] not make POC code publicly available and I think this is a good point. I was asked [to] not reveal tech info, but [I] disagree, because installing protections on [the] ISP side will prevent all possible attack[s].... Revealing tech details will not cause chaos and mass-attacks, so I'm going to reveal a lot of -- but not all."

He added that he will provide some fragments of POCs to explain how the attack works and how to reproduce it, but he will not provide enough so hackers could download ready-for-use POC and run it.

In a previous interview, Dan Olds, an analyst at Gabriel Consulting Group Inc., said that if Kaspersky's allegations are true, everything from personal computers to servers could be at risk.

"These allegations are serious and, if true, certainly a cause for concern," added Olds. "Just the fact that this is being widely publicized will act as an enticement for hackers to exploit the alleged weaknesses in the processors. That said, I believe that the author may be entering into the land of hyperbole when he says that these bugs can be exploited regardless of operating system or other security measures. That certainly needs to be proven."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sharon Gaudin

Computerworld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?