Hackers Find Another Hardware Vulnerability
On the doom and gloom front, a new question has recently come up, “Aren’t hackers focused on just software?”
It appears the answer is, “No, hardware is fair game too.”
Late last year, Intel confirmed that its current Core CPUs had serious vulnerabilities that allowed remote hackers to take over the PC. The processors involved were used in PCs, Internet of Things (IoT) devices, and servers. The news then came out that the flaws had been detected much earlier in the year, but no announcements were made.
That seems a gross abuse of users’ rights on one hand as it leaves them at the mercy of hackers for months. On the other hand, announcing the problem before there was a fix could also create problems. Hackers unaware of the flaws might decide to jump in the game and wreak more havoc.
At the time AMD, the main rival to Intel, quickly pointed out that their CPUs were not affected. A bit of Intel bashing ensued as frequently happens in the hyper competitive CPU marketplace. It appears that AMD spoke too soon as a more recent report suggests that newer AMD CPUs may also have security flaws.
AMD’s reaction was pointed. The firm that discovered the flaws only gave AMD the details of the flaws the day before they went public. Typically, AMD likes to have 90 days to confirm the flaws internally and, if verified, start working on a fix. The concern with the early release is what was mentioned above, that it could give the bad guys a chance to exploit them before a fix is available. Fortunately, no attacks or breaches have been discovered “in the wild” so AMD users do not need to be alarmed at this time.
The complexity of modern CPUs is astonishing. They must be to provide the amazing levels of performance we enjoy. The most common industry measure of complexity is the transistor count. An early Intel CPU in 1971 (the 4004) had 2,300 transistors. By 2017, the count has grown into the billions; 18 B for a Qualcomm chip and 19.2 B for an AMD quad core chip (4.8 B per core). And more complex firmware is required to manage these amazing engineering masterpieces. Perhaps this growing complexity drives up the chance for flaws to develop or at least go undetected.
Regardless of the reasons for these flaws in both hardware and software, CRIP.TO recognized their potential from the beginning and structured its Shield and Black products specifically to eliminate them. Our unique recipe of open source software handles encryption and data transmission while our custom hardware chip handles stronger encryption and a practically impossible-to-crack device to house critical information.
Instead of letting this type of news worry you, use it to take steps to protect yourself. Look at the CRIP.TO solution that provides the highest level of anonymity and data protection available to the public. You deserve the right to communicate fearlessly and CRIP.TO is dedicated to helping you do exactly that.
Copyright © 2017–2018 CRIP.TO OÜ
Originally published at crip.to.
