Chip Security Vulnerabilities


Chip manufacturers have disclosed vulnerabilities in their software that can lead to unauthorized disclosure of sensitive information. The vulnerabilities exist in workstations, servers, cloud computing environments, and mobile devices.

The vulnerabilities are the result of a software coding technique called speculative execution. With speculative execution, the software attempts to anticipate upcoming actions or tasks.  By anticipating the next step, the software can do work before the task is needed and reduce response time delays.  If the actions are not needed, the results are ignored.

Two specific vulnerabilities, Meltdown (Intel chips) and Spectre (AMD and Arm chips), can allow a hacker to steal information stored in the memory of a chip including passwords, e-mail messages, and other sensitive information.  The vulnerabilities may also allow a hacker to circumvent or weaken other security features.

What you should do
Organizations should apply security updates per their Patch Management Policy. Test updates before installing them in production environments. Devices to be patched include:

  • Workstations
  • Servers
  • Mobile Devices
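
As an added example (not part of the original advisory), the shell functions below show one way to confirm, after updates are applied, that a Linux workstation or server reports Meltdown and Spectre as mitigated. It assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities (4.15 and later); the function names and the --run switch are illustrative.

```shell
#!/bin/sh
# Added example: post-patch check of kernel-reported Meltdown/Spectre status.
# Assumption: Linux host with /sys/devices/system/cpu/vulnerabilities.
# The kernel writes one status line per issue, for example:
#   "Not affected", "Mitigation: PTI", "Vulnerable"

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status "<status line>" -> OK, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_host [dir] -> one report line per issue.
# Returns 1 if any entry is vulnerable, unrecognized or missing, so the
# result can gate a patch-verification job.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(head -n 1 "$dir/$name")
            verdict=$(classify_status "$status")
        else
            # A missing file usually means the kernel predates the fixes.
            status="(no kernel report for this issue)"
            verdict=UNKNOWN
        fi
        printf '%-11s %-10s %s\n' "$name" "$verdict" "$status"
        case "$verdict" in
            OK|MITIGATED) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Check the live host only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
    exit $?
fi
```

A missing status file is treated as a failure rather than a pass, because an unpatched older kernel reports nothing at all.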

In addition to addressing vulnerabilities in their internal environment, organizations should contact their third-party service providers to:

  • Ensure they are deploying patches in a timely manner
  • Identify any downtime requirements

On an annual basis, engage the services of an outside security auditor to perform a network security audit.  The security audit evaluates the effectiveness and sufficiency of the organization's technical safeguards, physical safeguards, and administrative safeguards.


