7 On Your Side: Computer passwords vulnerable to discovered hack
GRAZ, AUSTRIA —
Seven On Your Side spoke to the person leading a research team which recently discovered vulnerabilities affecting most desktop, laptop and smarthphone computer chips.
“We show where we leak a password while it is entered to the password manager,” said Dr. Daniel Gruss of Graz University. “When we tried this on our own computers, it spat out addresses from our own browser history. It spat out texts from private emails that we sent to people.”
The team, including researchers from Google, posted their videos on spectreattack.com
The two uncovered vulnerabilities are named Meltdown and Spectre. Meltdown was named by the research team because it “melts down” the CPU chips security. Spectre was also named because it’s harder to fix and is expected to “haunt” mobile apps for “years to come,” according to researchers.
US and UK cybersecurity agencies have not reported hackers exploiting either Meltdown or Spectre yet. The research team waited to reveal their findings until computer makers designed patches to fix vulnerabilities.
“We proposed this patch in May 2017 and we are really happy it got picked up by Intel and the other companies,” added Gruss.
The following are vulnerable to either the Meltdown or Spectre hacks and should be upgraded as soon as possible:
Nearly every computer using Intel chips, which includes most Windows and MacOS computers.
Smartphones using ARM chips, including all iPhones and many Android phones.
The following are not vulnerable to either Meltdown or Spectre:
Desktops or laptops using AMD chips
Wearable technology including smartwatches
Home appliances connected to the internet