Intel promises fix for chip flaw that left billions of devices vulnerable to hackers 'within a week'

CES Brian Krzanich
Intel CEO Brian Krzanich gives the 2018 keynote at CES Credit: Bloomberg

Intel boss Brian Krzanich said 90 per cent of devices affected by the Meltdown and Spectre flaws will be patched within two weeks.

Giving the keynote speech ahead of the opening of the Consumer Electronics Show (CES) in Las Vegas, Mr Krzanich said Intel was working "tirelessly" to fix the problem.

"For our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 per cent within a week, and the remaining by the end of January," he said.

"As of now, we have not received any information that these exploits have been used to obtain customer data."

All eyes were on Mr Krzanich as he took the stage to present a slot that had been booked ahead of last week’s disclosure that billions of Intel, AMD and ARM chips - which can be found in iPhones, iPads, PCs and various smartphones - had left almost all devices on the planet vulnerable to hacking.

iPhone
Billions of devices including iPhones were affected Credit: Reuters

Intel has known about the flaw since June last year, after security researchers from Google approached the company to warn them that their chips allowed hackers to steal all the files on a device, including passwords, by just directing its owner to a malware-laden website.

However, the public were only alerted when a rival chipmaker inadvertently alluded to the security issue in an email newsletter, which caught the attention of journalists at technology website The Register, who published a story online.

Mr Krzanich sold an estimated $39 million in Intel stocks and options in late November.  

Some time between June and December, Intel alerted its customers, which include Apple, Google, Amazon and Microsoft, so they could work together to create a software “fix” and avoid a hardware recall.

The tech giants last week admitted that they were all affected and still working on patching the flaws.

Apple said it had already updated the most recent iPhones and desktop operating systems, but that further patches were necessary.

While there is no evidence that hackers have already exploited the flaws, there is evidence that criminals are offering what they claim are tools to do so on the dark web, a network of hidden websites that only be accessed via special software. 

Adverts claiming to belong to notorious hacking group the Shadow Brokers have appeared on a hacking-for-sale site, offering to retrieve passwords and personal information from victims’ smartphones or computers in return for $8,900 - or the equivalent in Bitcoin. Since the disclosure last week, it was feared that opportunistic criminals would seize the opportunity to exploit this flaw to steal passwords for online services, or personal and confidential files.

The authenticity of the advert has yet to be confirmed but it is likely to be the first of many claimed sales across the dark web, as thieves look to profit from the flaws.

"The advert is enough to show that attackers are trying to exploit and monetise on it. If not from the Shadow Brokers, then other practical exploits will likely surface soon," said Michael Hickey, security consultant and co-founder of My Hacker House.

As software giants work around the clock to send out updates that could protect customers devices, criminal gangs are likely to be tapping the keyboard full speed to profit.

"I’m sure there are people attempting to exploit these vulnerabilities for real, right now,” said Michael Marriott, a research analyst at Digital Shadows, which monitors the dark web.

Mr Marriott said hackers had taken to the dark web and notorious hacking forums to find ways to target the public and businesses. Some may just be an attempt at defrauding people out of money.

"Criminals like to scam other criminals, so in the next couple of months we should see more of this," he said.

License this content