TEHRAN, Young Journalists Club (YJC) -Information stored on every desktop computer, smartphone and cloud server since 1995 could be accessed by hackers if two hardware bugs are exploited, a new report has warned.
On Wednesday, security researchers at Google Project Zero disclosed technical details on two security flaws that allow hackers to engage in unauthorized reads of a computer’s memory data, which may contain sensitive information such as passwords.
The researchers discovered that the vulnerabilities affect many CPUs, including those from Intel, Advanced Micro Devices (AMD) and ARM Holdings, as well as the devices and operating systems running on it.
The first method of attack, known as Spectre, can be exploited by hackers to dissolve the barrier that separates different applications and trick otherwise error-free applications into leaking information stored on their memory.
Last year, researchers demonstrated how hackers could utilize “speculative execution” – a technique used by most modern processors to optimize performance – to gain access to sensitive information.
In order to improve speeds, modern processors execute certain functions speculatively, or before it is known whether they are needed. The technique prevents the delay that would come from executing the functions after they are requested.
Jann Horn, a lead researcher for Project Zero who first reported both vulnerabilities, discovered that attackers can take advantage of this technique in order to read information on the system’s memory that should be inaccessible.