INSUBCONTINENT EXCLUSIVE:
Authors: JordanImage caption
The Spectre and Meltdown chip bugs made it possible to steal key data from processors
Security researchers have found eight novel flaws in computer chips that are similar to the "serious" bugs found earlier this
year.In January, computer firms rushed to fix the Meltdown and Spectre flaws that, under certain conditions, allowed attackers to steal
data.The latest discoveries let data be stolen in similar ways and have been shown to work under lab conditions.Chip-makers are now
analysing the bug reports before details are made public.German tech news magazine c't broke the news about the eight bugs
It said several different security teams had discovered the flaws - which it dubbed Spectre Next Generation.The teams who uncovered the
Spectre NG family of flaws have followed standard bug disclosure protocols and given chip-makers and others 90 days to respond and prepare
patches before they release details
The 90-day deadline on releasing information about some of the flaws expires on 7 May.C't said Intel had classified four of the flaws as
"high risk" and the rest as "medium"
One of the most serious bugs could theoretically let attackers use their access to one vulnerable virtual computer to get at the server
behind it, or at other similar software programs running on the same machine
Cloud services such as Amazon's AWS could be "particularly affected" by this flaw, it said.Intel declined to comment on c't's findings
It said reports that it was planning to formally acknowledge the existence of the bugs were premature."We believe strongly in the value of
co-ordinated disclosure and will share additional details on any potential issues as we finalise mitigations," Intel told tech news site The
Register.Chip-maker AMD told Reuters that it was aware of reports about the fresh flaws and was examining the findings
Image copyrightReutersImage caption
Cloud services could be put at risk by one flaw, warned researchers
"Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or
stability issues," Yuriy Bulygin, former Intel security researcher and head of hardware security firm Eclypsium, told Reuters.Mr Bulygin
said the publicity around Spectre and Meltdown had made chip attacks a "hot" area of research."Bad actors have probably already invested in
such attacks by now," he said.None of the eight flaws examined by c't is being used by cyber-criminals to attack firms and extract data
The German report is the latest in a series from security researchers who have sought flaws similar to Meltdown and Spectre
Previously, three separate teams have released reports about bugs that let them take data under lab conditions