Technology

8 More Security Flaws Found In Processors

Posted on by Andy Miller

Following on from the revelation in January that 2 major security flaws are present in nearly all modern processors, security researchers have now found 8 more potentially serious flaws.

Eight?

According to reports by German tech news magazine c’t, the 8 new security flaws in chips / processors were discovered by several different security teams. The magazine is reported to have been given the full technical details of the vulnerabilities by researchers and has been able to verify them.

The new ‘family’ of bugs have been dubbed Spectre Next Generation (Spectre NB), after the original Spectre bug that was made public along with the ‘Meltdown’ bug at the beginning of the year.

90 Days To Respond

The researchers who discovered the bugs have followed bug disclosure protocols, and have given chip-makers and others 90 days to respond and to prepare patches before they release details of the bugs. The 90 day time limit ran out on Monday 7th May.

Co-ordinated Disclosure

Intel is reported to have been reluctant to simply acknowledge the existence of the bugs, preferring to have what it calls a ‘co-ordinated disclosure’, presumably near the end of the protocol time limit, when there has been time to prepare patches and to mitigate any other issues.

It is not yet clear if AMD processors are also potentially vulnerable to the Spectre-NG problems.

How Serious Are The Flaws?

There have been no reports, as yet, of any of the 8 newly-discovered flaws being used by cyber-criminals to attack firms and extract data. According to the magazine C’t, however, Intel had classified half of the flaws as “high risk”, and the others as “medium risk”.

It is believed that one of the more serious flaws could provide a way for attackers access a vulnerable virtual computer, and thereby reach the server behind it, or reach other software programs running on that machine. It has been reported that Cloud services like Amazon’s AWS may be at risk from this flaw.

Meltdown and Spectre

The original Meltdown and Spectre flaws were found to have been present in nearly all modern processors / microchips, meaning that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

Meltdown was found to leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre, which was found to affect Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

What Does This Mean For Your Business?

The discovery of a family of 8 more flaws on top of the original 2 ‘Spectre’ and ‘Meltdown’ flaws is more bad news for businesses, particularly when they are trying to make things as secure as possible for the introduction of GDPR. Sadly, it is very likely that your devices are affected by the several or all of the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice now is to install all available patches and make sure that you are receiving updates for all your systems, software and devices.

Although closing hardware flaws using software patches and updates is a big job for manufacturers and software companies, it is the only realistic and quick answer at this stage to a large-scale problem that has present for a long time, but has only recently been discovered.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

Google Driverless Car Involved In Smash

Posted on by Andy Miller

A self-driving vehicle owned by Google’s Waymo has been involved in a smash in Arizona when it was hit by a car that swerved across multiple lanes.

Driverless Mode – But With Person On Board

The Google car was in autonomous / driverless mode at the time of the crash, but had a test driver in the driver’s seat. The lady occupant is reported to be recovering from the incident.

A discussion is now underway as to whether the driverless car system or the test driver on board could have done anything more to avoid being hit by the other vehicle.

Waymo and Jaguar

Waymo is the self-driving car company that is owned by Google’s parent company Alphabet, and has been testing driverless vehicles since 2009. It has been reported that Waymo wants to purchase 20,000 Jaguar electric vehicles as part of its plans to launch a robotic ride-hailing service in the US.

It is understood that Waymo’s link-up with Jaguar will mean that from 2020 to 2022, UK-based (owned by India’s Tata Motors ) Jaguar Land Rover (JLR) I-PACE electric cars will be providing up to one million rides per day in the service. It is thought that Jaguar cars will appeal to more upmarket customers, thereby already showing the possibilities for segmentation in driverless ride-hailing services.

The ride-hailing service will be launched on a small scale in Phoenix, Arizona, first in the coming months.

Not The First Autonomous Vehicle Accident

Although the Google car did not cause the crash, this is not the first time an autonomous vehicle has been involved in a serious incident. Back in March, Uber suspended all self-driving car tests in all North American cities after a fatal accident a 49-year-old woman was hit and killed by one of its autonomous vehicles as she crossed the street in Tempe, Arizona.

This was the second time that Uber has pulled its self-driving cars from the roads after an accident. A year earlier, also on Arizona, an Uber Volvo SUV in self-driving mode ended up on its side after another vehicle “failed to yield” to the Uber car at a left turn.

Autonomous Lorry Convoys on UK Roads This Year

Last year, the UK government announced that ‘platoons’ (mini-convoys) of self-driving, partially autonomous lorries are to be tested on British roads before the end of 2018. The so-called ‘platoons’ will take the form of several lorries driving closely together in a line in the inside lane, with the lead lorry wirelessly controlling the acceleration and braking for all the lorries, and with the following lorries responding to the changes in speed.

It is understood that for the tests which have been promised since 2014 and will be carried out by the Transport Research Laboratory (TRL), a human driver will be in the cab of the lead lorry, and will be able to take control if things don’t go entirely to plan.

What Does This Mean For Your Business?

Autonomous vehicles and vehicles with autonomous elements are already being tested and used in commercial environments and as part of the transport system in the US and the UK. The combination of driverless vehicles powered by electricity and using AI technology could provide a more environmentally-friendly solution to a variety of different transportation and delivery challenges, and to hopefully reduce traffic accidents.

The accidents involving driverless vehicles to date have, however, prompted some commentators to warn that the technology is being deployed before it is ready. Clearly, it is still early days for autonomous vehicles which means that there are still many untapped opportunities to use autonomous vehicles commercially, and there are of course many challenges and issues to consider around safety, insurance, regulations and reliability.

Autonomous vehicles are likely to be adopted more quickly on closed sites first, but operators who decide to adapt such sites to work for autonomy could expect significant improvements in productivity and safety.

Despite any bad press from the unfortunate crashes involving test autonomous cars in the US, having an emerging industry such as autonomous vehicles, with all its talent, technology and development centres here in the UK represents a huge opportunity for UK businesses as potential suppliers, beneficiaries of the technologies and products, and spin-off market opportunities. It also represents an opportunity for UK insurers.

Whereas the UK has a skills gap in many areas of the technology market, with the right amount of support and backing from the government and other investors, the testing, developing, and production of autonomous vehicles and the necessary technologies could be one area where home-grown talent is tempted to stay in what could become a world-centre of excellence for autonomous vehicle / AI technology.