US govt warns businesses about cyber bug in Intel chips : The Tribune India

Join Whatsapp Channel

US govt warns businesses about cyber bug in Intel chips

The US government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

US govt warns businesses about cyber bug in Intel chips

Photo for representation only.



November 21

The US government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as "Management Engine" that shipped with eight types of processors used in business computers sold by Dell Technologies Inc, Lenovo Group Ltd, HP Inc , Hewlett Packard Enterprise Co and other manufacturers.

Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.

"These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years," said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator's user name and password, Little said. Attackers could break in without those credentials if they have physical access to the computer, he said.

Intel said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.

Homeland Security advised computer users to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat. (http://bit.ly/2zqhccw) Intel spokeswoman Agnes Kwan said the company had provided software patches to fix the issue to all major computer manufacturers, though it was up to them to distribute patches to computers users.

Dell's support website offered patches for servers, but not laptop or desktop computers, as of midday Tuesday. Lenovo offered fixes for some servers, laptops and tablets and said more updates would be available Friday. An HP representative said the company would soon post fixes on its support site.

Security experts noted that it could take time to fix vulnerable systems because installing patches on computer chips is a difficult process.

"Patching software is hard. Patching hardware is even harder," said Ben Johnson, co-founder of cyber startup Obsidian Security. — Reuters.

Top News

Arvind Kejriwal to be produced before Delhi court today as 6-day ED custody ends

Excise policy case: Delhi court extends ED custody of Chief Minister Arvind Kejriwal till April 1

In his submissions, Kejriwal said, ‘I am named by 4 witnesse...

Delhi High Court dismisses PIL to remove Arvind Kejriwal from CM post after arrest

Delhi High Court dismisses PIL to remove Arvind Kejriwal from CM post after arrest

The bench refuses to comment on merits of the issue, saying ...

‘Unwarranted, unacceptable’: India on US remarks on Delhi CM Arvind Kejriwal’s arrest

‘Unwarranted, unacceptable’: India on US remarks on Delhi CM Arvind Kejriwal’s arrest

MEA spokesperson says India is proud of its independent and ...

Bullying Congress culture, no wonder being rejected: PM Modi, backs senior lawyers who flagged attempts to undermine public trust in judiciary

Bullying Congress culture, no wonder being rejected: PM Modi

Backs senior lawyers who flagged attempts to undermine publi...

Gujarat court sentences former IPS officer Sanjiv Bhatt to 20 years in jail in 1996 drug case

Gujarat court sentences former IPS officer Sanjiv Bhatt to 20 years in jail in 1996 drug case

Bhatt, who was sacked from the force in 2015, is already beh...


Cities

View All