BEIJING, CHINA (REUTERS – The 31-year-old information security researcher and post-doctoral fellow at Austria’s Graz Technical University who discovered the Meltdown chip flaw said on Friday (January 5), said what he saw was scary.
Google and other security researchers this week disclosed two major chip flaws – one called Meltdown affecting only Intel Corp chips and one called Spectre affecting nearly all computer chips made in the last decade.
Daniel Gruss said compared to Meltdown, Spectre was much more complicated.
“You can compare the Meltdown attack with a pickpocket. You can easily learn the tricks of a pickpocket and, as compared to that, the Spectre attack is more like a Jedi mind trick, and you convince someone else to just hand them over their purse,” Gruss told Reuters.
“So, the Spectre attack manipulates the computer into a state where it believes it should do something that it should not do. So, it’s a sort of different angle of the attack here, and therefore it’s much harder to exploit but, also, much harder to prevent.”
Security issues with Intel microchips are only slowing computers slightly, technology companies said, as researchers played down the need for mass hardware replacements to protect millions of devices from hackers.
That raised the prospect of Intel being on the hook for lawsuits claiming that software patches to fix the issue would slow computers and effectively force consumers to buy new hardware, driving the company’s shares down.
But Intel said in a statement after U.S. stock markets closed on Thursday (January 4) that the performance impact of the recent security updates should not be significant and would be mitigated over time.