Technology 3 min read

Intel Continues to Fix Security Flaws Discovered Half a Year Ago

Researchers at Vrije Universiteit Amsterdam revealed that Intel was not able to fix all the security flaws it discovered six months ago.

Shutterstock

Shutterstock

Back in May 2018, Intel claimed that its released patch had fixed the group of security flaws discovered on the company’s processor. However, recent reports suggest that the claim wasn’t entirely valid.

Two years ago, the Dutch researchers at Vrije Universiteit Amsterdam discovered vulnerabilities in Intel’s processor and reported it. Consequently, the tech company released a software patch to solve the issues.

But, the initial patch only addressed some of the security issues. According to the researchers, Intel wouldn’t release a second patch to fix all the vulnerabilities (that it claimed to have fixed ) for another six months.

In a statement to the press, one of the researchers who reported the vulnerabilities, Cristiano Giuffrida, said:

“The public message from Intel was, everything is fixed. And we knew that was not accurate.”

Now the tech company wants to sell the same story again with the Tuesday patch, and the researchers are not having it.

Keeping Quiet about the Security Flaws

Like most other security vulnerabilities, the Intel flaw allows attackers to extract sensitive information from the processors in desktop, laptop. Such data could include encryption keys, passwords, etc.

After reporting the flaw to Intel, the Dutch researchers remained quiet for eight months while Intel worked on the patch it released in May. However, it soon became evident that the patch didn’t fix anything.

So, the tech company asked the researchers for an additional six months to come up with a solution.

Following Intel’s request, the researchers had to keep knowledge of the unpatched vulnerabilities to themselves. They also had to alter a paper that they intended to present at a security conference to remove mentions of the flaws.

We had to redact the paper to cover for them so the world would not see how vulnerable things are,” one of the researchers told the Times.

As promised, Intel released another patch six months later. But, the dutch team says it didn’t fix most of the issues.

The researchers notified Intel of the unfixed flaws ahead of Tuesday’s patch release. Once again, the tech company asked the researchers to remain silent until they could produce another patch.

This time, the researchers did the opposite. “We think it’s time to simply tell the world that even now Intel hasn’t fixed the problem,” they said.

Intel Processors’ Security Vulnerabilities

The security flaws reportedly originate from a single issue with the way Intel processors handle data.

Intel was looking to make its processor faster. So, the company designed the processors to anticipate and perform specific tasks ahead.

However, the function could be aborted, making the data unnecessary. So, the system stores it for a brief period before deleting it.

The problem is, the vulnerabilities allow attackers to extract data during the processing or storage period. According to the researchers, several variants provide various ways for attackers to retrieve user data.

A professor of computer science at Vrije Universiteit Amsterdam and part of the group that reported the vulnerabilities, Kaveh Razavi, said:

“Anybody can weaponize this. And it’s worse if you don’t actually go public because there will be people who can use this against users who are not actually protected.”

The researchers pointed out that Intel may need to redesign the processor to fix the core issue. However, the tech company has chosen the ineffective option of patching each variant as it comes along.

Read More: Alibaba Unveils RISC-V Processor Chip for High-Performance Applications

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.