Chip flaws put billions of devices under threat

Top firms including Intel, Apple, Microsoft and Alibaba will launch system updates after two chip-level security flaws were discovered, which may affect billions of smart devices made in the recent decade.

The security flaws, dubbed "Meltdown" and "Spectre", affect almost all smart devices with chips by Intel, ARM, AMD, and Qualcomm, which means the problem spans both Windows and Mac computers, iPhones, iPads, Android phones and cloud service providers, experts said.

The flaws theoretically allow hackers to access users’ storage data and passwords, although such attacks haven’t been reported yet. Companies have released the first batch of patches to fix the flaws, at the cost of slowing down system performance. 

"Meltdown" affects any computer or laptop running an Intel processor released since 1995, while "Spectre" could affect smartphones as well as computers and cloud servers that run Intel, ARM and AMD processors, according to Google’s security researchers who discovered them this week.

Organizations using cloud servers with huge volumes of data, with computer servers utilizing Intel and AMD chips, are concerned.

The flaws are expected to influence almost all key information infrastructure in Shanghai, especially government and public cloud servers. The city has launched “emergency status” to hedge potential risks, according to a statement from the Cyberspace Administration of Shanghai.

Alibaba and Tencent are expected to provide software upgrades for their cloud services next week to handle potential chip security issues, the companies said.

Meanwhile, some experts say the flaws are difficult to fully fix unless chips are re-designed.

But consumers need not “over-react” — they should update their systems when update or patches are ready, said 360, China’s biggest cyber security firm.

“Despite wide-ranging influence, they are not Class-A flaws because they don't let hackers directly control computers or smartphones. Even with the flaws, people can protect their data if they don’t run any malicious programs on their smart devices,” Zheng Wenbin, security expert of 360 said.

Intel, which owns 90 percent of computer chip market shares, believes the flaws “do not have the potential to corrupt, modify or delete data”. By next weekend, it would release updates with patches for 90 percent of computers made in the last five years, Intel said in a statement.

Both ARM and AMD have released updates to its vendors and manufacturers to mitigate the flaws, media reported today.

All of its Mac and iOS devices are affected by the flaws. Apple has released patches against possible "Meltdown" attacks for iOS, Mac and Apple TV, and will be releasing updates for the Safari browser on its devices “in the coming days” to mitigate "Spectre," Apple said in a statement.

Some consumers of Chinese-brand smartphones are not affected by the flaws, such as Vivo and Oppo models, said ARM.

But premium models like Huawei Mate 10 and Xiaomi’s flagship models are affected. Consumers should wait for companies’ updates, experts said.