Millions could be hacked through flawed chips
HACKERS could steal information from millions of desktop computers, laptops, or even tablet computers thanks to unprecedented security flaws discovered in computer chips dating back to 1995, it has been revealed.
The two vulnerabilities could even expose information stored on smartphones, and will force computer users across the world to patch their systems to avoid data theft.
Researchers at Alphabet's Google Project Zero, working with academics, discovered the security problems, including one that affects computer chips by leading maker Intel.
Named Meltdown, the vulnerability in Intel chips could let any program access sensitive information on the computer, including passwords, the researchers found.
"Without requiring any software vulnerability and independent of the operating system, Meltdown enables an adversary to read sensitive data … affecting millions of devices," the research paper revealed.
A second vulnerability, dubbed Spectre, also affects AMD and ARM computer chips, and could allow hackers to steal data from the computer's memory that is normally kept in isolation.
The security flaws affect millions of computers, including devices from Microsoft and Apple, and will require a software update to prevent data theft.
The research had been due for release on January 9, giving technology giants time to co-ordinate a response and software updates, but was fast-tracked after security researcher Erik Bosman revealed a proof- of-concept on Twitter.
Chip maker Intel issued a statement denying that the vulnerabilities were "unique to Intel products," and that computers would not slow down significantly after software patches were applied.
"Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices, with many different vendors' processors and operating systems, are susceptible to these exploits," the company said in a statement.
"Intel has begun providing software and firmware updates to mitigate these exploits."
Rival chip maker AMD said the "majority" of its processors were not affected by the vulnerabilities, and warned computer users to maintain good computer security while waiting for software updates to be issued by manufacturers.
"It is important to note that this method (of attack) is dependent on malware running locally, which means it's imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads," AMD said in a statement.
Intel's share price fell more than three per cent following the announcement of the security flaws, while AMD's share price climbed five per cent.
The timing of the security report could also prove embarrassing for Intel, coming the week before chief executive Brian Krzanich is due to deliver the keynote speech at the Consumer Electronics Show in Las Vegas.