A major new security vulnerability could leave millions of users exposed to hackers.

Massive flaw exposes passwords

An Australian researcher was among a crack team of security experts who discovered two flaws in Intel-powered computers, revealed this morning, that could see users' passwords stolen, bank accounts raided, and social media profiles hacked.

The widespread computer hardware problems, which Intel detailed in a security advisory notice, affect all computers using Intel chips, including Apple Macs, Microsoft Windows PCs, and Linux systems.

And security experts are warning users to download software patches to protect their computers as soon as possible.

Computer researcher Dr Yuval Yarom, from CSIRO's Data61 and the University of Adelaide's School of Computer Science, was one of a team of international security researchers who identified a new flaw dubbed Fallout in February this year.

A second team, including academics from Amsterdam, identified a second vulnerability in the chips called RIDL.

Dr Yarom said the faults could allow hackers to access information being processed on computers without authorisation, potentially revealing usernames, passwords, and other sensitive information.

"It's another tool for hackers," he said. "These vulnerabilities could expose information and let the attacker break passwords."

The hardware problem has been confirmed in Ivy Bridge, Haswell, Skylake, and Kaby Lake Intel processors, but Dr Yarom said newer computer chips that were "supposed to be protected (were) actually slightly more vulnerable than older generations".

While millions of computer users were left exposed by the security problem, attackers could use it to steal information from high-profile targets, such as government, defence, or financial organisations.

"My gut feeling is that this is something that would take a well-resourced hacker to exploit, but there are well-resourced players in this field," Dr Yarom said.

A spokesman for cyber security firm Bitdefender also warned the vulnerabilities could be "weaponised in highly targeted attacks" as they allowed digital theft without the need to compromise an entire operating system.

Intel, Microsoft, and Apple were expected to release software updates to patch the vulnerabilities in the coming days.

Dr Yarom said computer users should install patches as a matter of urgency to secure their information.

The widespread hardware flaw follows others named Spectre, Meltdown, and Foreshadow discovered last year, and comes after several sophisticated cyber attacks on governments, including one that compromised the Australian Parliament House network, and computers from the Liberal, Labor, and National parties.