A new cybersecurity threat could make the very guts of network computers vulnerable to hackers, giving them access to things like passwords and encryption codes. The threat exploits what are known as the Spectre vulnerabilities.
As Bloomberg reported recently, Spectre takes advantage of glitches in how processors in computers, smart phones and other devices try to predict what data they believe users will need next and access it ahead of time. As Google researchers discovered earlier this year, it also provides a way for bad actors to read data stored in memory that had been thought to be secure.
Now, computer security expert Yuri Bulygin says hackers can exploit problems in microprocessors to access system management mode memory, which allows hackers to access any of the data on the machine itself. As Bloomberg reports:
“Cloud computing services may be at the greatest risk, Bulygin says, because the glitch could be used to breach protections for keeping companies’ data separate on physical servers. The hackers who access those systems’ firmware can not only move between the databases and steal information but also look through the firmware’s own code to reveal some of the servers’ most heavily defended secrets, including encryption keys and administrative passwords.
“Until now, most cybersecurity outfits have focused on protecting software and networks, not the guts of the machines. Spies have known about risks to firmware for ages; a perusal of the classified National Security Agency documents that Edward Snowden leaked shows intelligence services have been attacking it for decades using tools called implants. Those can be anything, including malicious code or chips designed to hijack circuit boards to modify firmware and other legitimate code.”