Security experts are warning companies that the only way to fully protect themselves against hackers taking advantage of a newly revealed, pervasive flaw in chip design dubbed the Meltdown and Spectre bugs, that could allow hackers to steal data, is to completely replace their computer systems.
The unusual warning has presented companies with an unenviable choice of embarking on an expensive IT overhaul or risking an attack, once hackers learn how to take advantage of the two vulnerabilities.
However, the sheer cost and complexity of replacing so much IT infrastructure leaves big tech users with little choice but to continue with their current systems and rely on incomplete fixes being produced by their tech suppliers, according to computer security experts.
The predicament, revealed this week, stems from serious flaws that have been discovered in chips made by Intel, AMD and Arm, and used in almost all computers, servers and smartphones. The flaws make it possible for a hacker to steal data from a computer’s core memory or from other programs running on the system. It results from a common chip design, making it more deeply embedded in IT systems than the usual software bugs that lead to security failures.
A security research group at Carnegie Mellon University, sponsored by the US Department of Homeland Security, wrote that the only way to fully remove the vulnerability was to replace hardware. Some problems can be mitigated by operating system updates, being rushed out by tech companies such as Microsoft and Apple.
Cyber security experts have also warned that companies using cloud computing services could be particularly vulnerable. If an attacker bought access to one area of the service, they could access another client’s data. However, the hacker would be unlikely to be able to target their attack.
Tod Breadsley, director of research at Rapid 7, said the flaws were among the most significant hardware vulnerabilities ever discovered, though it was unlikely companies will end up replacing their hardware. “That would bankrupt everyone,” he said.