Site icon Wonderful Engineering

New Research Finds Hidden Flaw In Intel Chips Since 2011 That Makes Hacking Easy

A team of security researchers from the Graz University of Technology has found a new flaw in Intel chips that can be exploited for stealing information, sensitive in nature, from the processor. This newly found vulnerability has been named ‘ZombieLoad’.

This recently found flaw creates the possibility for a side-channel attack that the hackers can exploit. What’s the worst part of this finding? Every computer that has an Intel chip from and after 2011 is affected by the same level of vulnerability. Apple, Microsoft, and Google have already issued updates in response to the ZombieLoad. The name ZombieLoad comes from the term zombie load that is used for the amount of data that the processor is unable to stand.

This causes the processor to request help from the microcode of the processor in an attempt to prevent a crash. This process is what the ZombieLoad bug aims to exploit by letting data bleed across the boundary walls. Intel has already released patches to the microcode thus helping to clear the buffers of its processors. This will prevent any kind of data from being read.

The researchers have also stated that the flaws could be exploited for finding out which website the person is using in real-time, and this can be further exploited for gaining access to passwords or even access tokens. Furthermore, the cloud is also vulnerable to ZombieLoad. According to the team, the flaws exist in the cloud environments just like the way they do on PCs.

There have been no reports of any attack yet, but this doesn’t imply that such attacks have not already taken place. Adding to the problem is the fact that ZombieLoad doesn’t leave any kind of trace. Fixing the flaws is also difficult since the patching of processors causes them to slow down.

The experts are however saying that you need not panic because there are easier ways of hacking into a computer and neither Intel nor the research team has given the exploit code thus confirming that there is no immediate and direct threat.

Exit mobile version