Explainer How Chip Flaws Spectre Meltdown Work And Whats Next | The News Amed
Connect with us

Markets

Explainer How Chip Flaws Spectre Meltdown Work And Whats Next

Published

on

LAS VEGAS – Smartphones, PCs and servers across the world have received software updates in recent days to plug security gaps on computer chips that cyber security researchers have described as the most serious threat in years.

Researchers identified the problem last year, shared details with chip manufacturers last summer, and then made a public announcement Jan. 3.

What is the problem?

The vulnerabilities, known as Meltdown and Spectre, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution.

Simon Segars, the chief executive of chip designer ARM Holdings, described speculative execution as the equivalent of spinning a bunch of plates in the air, with the plates holding data.

Watching the order in which the plates land lets observers infer the data, he told Reuters during an interview on Wednesday at the tech industry’s CES conference in Las Vegas.

How bad is it?

Affected chipmakers and large technology companies including Alphabet Inc’s (GOOGL.O) Google say they have not seen any malicious hackers use Meltdown or Spectre in attacks, but the vulnerabilities affect most modern computing devices.

Security analysts have said that Meltdown, which only affects Intel Corp (INTC.O) chips, is easier to exploit because the program to steal passwords and other data can be hidden on a website.

Spectre, meanwhile, requires more direct access to the microchip, but affects central processing units from Intel, Advanced Micro Devices Inc (AMD.O) and SoftBank Group Corp’s (9984.T) ARM.

How have chipmakers and technology companies responded?

Chipmakers have teamed up with Google, Microsoft Corp (MSFT.O), Apple Inc (AAPL.O), and other leading tech companies since the summer to devise software patches.

Do the fixes have side effects?

The slowdown particularly affects Intel chips vulnerable to Meltdown. Intel said on Wednesday that the performance decline is as much as 10 percent, but that a typical home and business PC user should not see big changes in how long it takes to save a document or open a photo stored on a computer.

The patches, however, do not always work with other software. For example, a fix for Spectre led to issues turning on some computers with AMD chips, and a Meltdown patch for Microsoft Windows required changes from antivirus makers.

What is being done to prevent similar problems in the future?

ARM’s Segars said his company has been tweaking designs for future chips to add “maximum flexibility.”

The biggest change is adding more transistors to chips, a negligible cost, to make it easier to turn chip features on and off, he said.

Giving yourself “maximum flexibility” means it will be easier to respond to future flaw discoveries, Segars said.

Chipmakers and operating system makers must also collaborate more. “What’s important to establish there is guidelines around how to write software so you don’t run afoul,” he said.

Reporting by Paresh Dave,

Markets

Japan Raps Coincheck Orders Broader Checks After 530 Million Cryptocurrency Theft

Published

on

By

TOKYO – Japan’s financial regulator said on Monday it would inspect all cryptocurrency exchanges and ordered Coincheck to get its act together after hackers stole $530 million worth of digital money from its exchange in one of the biggest cyber heists on record.

The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

The Financial Services Agency (FSA) on Monday ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen ($534 million) of NEM coins, among the most popular digital currencies in the world.

Coincheck said on Sunday it would return about 90 percent with internal funds, though it has yet to figure out how or when.

The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, outside the internet, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.

The FSA said it ordered Coincheck to submit an incident report and measures for preventing a recurrence by Feb. 13.

If necessary, it will conduct on-site inspections of other exchanges, an official told a briefing.

The regulator said it has yet to confirm whether Coincheck had sufficient funds for the reimbursement.

Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting clearance. Coincheck’s application was made in September.

“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.

“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”

NEM fell to $0.78 from $1.01 on Friday but recovered to $0.97 on Monday, according to CoinMarketCap. Crypto-currency related shares mostly rose in Tokyo, with GMO Internet, which offers cryptocurrency exchange service, gaining 5.7 pct.

CRYPTOCURRENCY RISKS

Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had “a full account” of all of Coincheck’s lost NEM coins. It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to return the stolen funds to its owners.

In 2014, Tokyo-based Mt. Gox, which once handled 80 percent of the world’s bitcoin trades, filed for bankruptcy after losing around half a billion dollars worth of bitcoins. More recently, South Korean cryptocurrency exchange Youbit last month shut down and filed for bankruptcy after being hacked twice last year.

World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with U.S. Treasury Secretary Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.

Many countries have clamped down on exchanges.

South Korea will ban cryptocurrency traders from using anonymous bank accounts to crack down on the criminal use of virtual coins. China has ordered some exchanges to close, with the aim of containing financial risks.

But Japan has taken a different tack, becoming last year the first country to introduce national-level regulation of cryptocurrency exchanges.

The move, intended to protect consumers and stymie money laundering, was praised by many traders and operators as progressive.

Continue Reading

Markets

Japans Rakuten To Acquire Asahi Fire For 45 Billion Yen

Published

on

By

TOKYO – Japanese e-commerce company Rakuten Inc said on Monday it would acquire Asahi Fire & Marine Insurance Co Ltd for 45 billion yen ($413.6 million), its latest move to diversify beyond its online shopping site.

Rakuten said it would launch a tender offer and pay 2,664 yen per share of Asahi Fire, a property insurance firm owned by Nomura Holdings and its subsidiary. Nomura confirmed the tender offer in a separate statement.

Reporting by Minami Funakoshi;

Continue Reading

Markets

Google Says Invests In Indonesian Ride-hailing Firm Go-jek

Published

on

By

SINGAPORE – Google has invested in Indonesian ride-hailing firm Go-Jek, as part of its strategy to support and participate in the growth of Indonesia’s internet economy, Caesar Sengupta, a vice president at Google said in a company blog.

“This investment lets us partner with a great local champion in Indonesia’s flourishing startup ecosystem, while also deepening our commitment to Indonesia’s internet economy,” Sengupta said in a post titled “Investing in Indonesia.” bit.ly/2nmqPAf

This month, sources told Reuters that Alphabet’s Google, Singapore state investor Temasek and others were investing in Go-Jek as part of a $1.2 billion fundraising round, bolstering the Indonesian start-up in its battle with deep-pocketed rivals Grab and Uber.

Reporting by Anshuman Daga;

Continue Reading

Trending