Major #Chip #Bug Enables #German IT #Savvy to #Hack #Billions of #Devices Worldwide

While testing a code that he had written on his computer, 22-year-old Jann Horn, based in Germany, accidentally detected one of the biggest chip bugs known so far. This major flaw affects an enormous number of widely used devices across the planet, including iPads and even baby monitors.

The important discovery he made was that the memory of any device stores data which is vulnerable to hacking. This means that any weak spots in hardware allow programs designed for hacking to exploit a user’s data cache and retrieve information that has been processed on a computer. In more specialized terminology, this is favored by the process of speculative execution, which takes advantage of a user’s data cache to stimulate the fast retrieval of information. As the data cache stores important user information such as images, browser history, e-mails, passwords, messages etc., it is obvious why this discovery is worryingly dangerous.

This major bug impacts the majority of processors released by Intel since 1995, which are mostly used in Apple products. On January 1st it was revealed that there are two hacks that can exploit the flaw: Meltdown, which can access the memory of a device and use the program and the operating system to retrieve information, and Spectre, which tricks a program without errors to disclose information.

Jann Horn is a Google researcher who is part of Project Zero, an exclusive group, the members of which look for unintentional design flaws that make devices vulnerable to hacking. Remarkably enough, the young researcher made this discovery while working on his own, and after comparing his findings with the results of other similar research teams, decided to contact the manufacturers and provide them with the important information on June 1st. However, ARM Holdings Plc. and Advanced Micro Devices Inc. publicly made the announcement only last week, with Intel promising that by the end of the week, 90 percent of the processors should be patched. At the same time, Apple has released multiple updates to fix this vulnerability.