【“幽灵”漏洞让安全专家感到困扰】

【“幽灵”漏洞让安全专家感到困扰】 硬件问题几乎影响到全球所有计算机,可能让黑客窃取密码和电子邮件,而且软件无法防范它。谷歌专家称,一些名为Spectre的计算机芯片的安全性存在严重缺陷,因此无法单独使用软件进行修复。

该研究的共同作者本•提泽(Ben Titzer)告诉《新科学家》杂志:“整个计算领域都错过了这一点。” 什么可以被盗确切的细节仍然是一个谜,所以无法衡量以前的软件修复的有效性。

 

'Spectre' flaw returns to haunt security experts: Hardware issue that affects almost every computer worldwide and could let hackers steal passwords and emails is here to stay and software can't safeguard against it

  • Spectre is an inherent weakness in computer chips used by Intel, AMD and ARM 
  • It exposes a weakness in the device's processing which allows data to be stolen
  • It is thought emails and passwords can be stolen but it may be much more 
  • Experts now claim software fixes alone are unable to fix the issue    

A serious flaw in the security of some computer chips, known as Spectre, is impossible to fix with software alone, Google experts claim.

The flaw is so large that computers of the future will need to be redesigned in order to avoid the issue.

Spectre affects chips manufactured by Intel, AMD and ARM and are used in almost every single one of the world's smartphones.

It leaves devices exposed to programmes that can steal data, passwords and emails.

Scroll down for video

Spectre affects chips manufactured by Intel, AMD and ARM and are used in almost every single one of the world's smartphones. It leaves devices exposed to programmes that can steal data, passwords and emails (Stock)

When Spectre was discovered and its ubiquity was noticed tech firms desperately scrambled to find a solution.

It was found that it decreases device speed by up to 30 per cent and Google introduced a feature to isolate each individual page on Chrome to limit the vulnerability.

There has yet to be a comprehensive solution to the issues and no fix for the fundamental issue has been found.

One manifestation of the issue, known as Speculative Store Bypass, has now been labelled as irreparable by Google's experts.

Ben Titzer, co-author of the study, told New Scientist: 'The entire field of computing missed this.'

The flaw is so large that computers of the future will need to be redesigned in order to avoid the issue as software will not be sufficient to fix it (stock)

Spectre exploits a weakness in a feature known as speculative execution which improves processing speed.

Experts are now resigned to the fact there may never be a simple patch or fix and the only true way to leave Spectre behind is to change the way machines are made.

Exact details of what can be stolen remain a mystery so it is impossible to gauge the effectiveness of previous software fixes.

Chips make guesses about future calculations, which are then discarded if incorrect.

The research is available on pre-print site arXiv.

https://www.dailymail.co.uk/sciencetech/article-6734303/Spectre-flaw-returns-haunt-security-experts.html


Comments are closed.



无觅相关文章插件