Cybersecurity Researchers Find Major Flaws In Widely Used Computer Chips
ARI SHAPIRO, HOST:
Tech companies are rushing to patch up a security flaw found in millions of computer chips. This flaw could make it easier for hackers to steal passwords and other sensitive personal data. Researchers discovered the problem months ago and kept quiet until the companies had a fix. NPR's Laura Sydell reports.
LAURA SYDELL, BYLINE: When you install a program on your computer, there's generally a wall between it and other programs. But the security flaws which were built into the chips from Intel Advanced Micro Devices and ARM allows one program to spy on another.
MORITZ LIPP: Meaning that if another application has stored your passwords or your holiday pictures, another application can read it.
SYDELL: Moritz Lipp is a Ph.D. candidate at Austria's Graz Technical University, and he's one of the researchers who found the flaw. The problem can be found on smartphones, personal computers, browsers and the computers used for cloud storage by companies like Google, Amazon Web Services, Apple and Microsoft. That means millions of computers. If it were a software flaw the problem would be easier to fix, says Lipp, but hardware like chips is another matter.
LIPP: If you have an issue in hardware it's not very easy to just change the hardware because you already sold millions of CPUs. And you just can't call them back and change them.
SYDELL: Lipp and his colleagues found a flaw many months ago, and they alerted the chip maker Intel. Meanwhile, another team at Google found the problem and a similar one. Google planned to wait to release the information about it, but speculation began to surface online and in media. Google, Microsoft, Intel and others have begun to issue patches that will fix the flaws. But it could have a downside.
LIPP: Patches that will come out for the operating systems will decrease the performance.
SYDELL: That means your system might move more slowly. All of the companies affected say they see no signs of any breaches, but it's still a good idea to install any patches and updates. Laura Sydell, NPR News, San Francisco.
(SOUNDBITE OF STRFKR SONG, "SATELLITE")
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.