Since the development of the Internet, in addition to more and more abundant network resources, our Internet devices are constantly updated. Nowadays, whether we use a computer or a mobile phone, there is a core component, and that is the CPU. With it, we can ensure that our equipment can operate normally.
Of course, here is not just talking about the CPU, but to pay attention to the current chip security issues. As early as the beginning of 2018, Intel was exposed to technical flaws in its chips leading to important security breaches.
Intel chip vulnerability was shocked by the industryOn January 2, Jann Horn, a researcher at Google's security team Google Project Zero, posted two sets of chip vulnerabilities, Meltdown and Spectre, on their organization's website, corresponding to the global unified vulnerability library CVE-2017-5754. , CVE-2017-5753/CVE-2017-5715. The three independent groups that discovered the Meltdown vulnerability, the Cyberus Technology team, and the Graz Technical University research team in Austria all reached similar conclusions.
A stone has stirred up thousands of waves. After these two vulnerabilities were exposed, they immediately attracted widespread attention in the global information industry. Such disasters will also affect almost all computers and mobile terminals and even cloud service providers around the world. Meltdown and Spectre also affect all Intel processors after 1995, except Itanium and Atom. Spectre also affects AMD, ARM, and NVIDIA's chip products, which affects the entire computer processor world.
Although there have been no direct attacks related to these two vulnerabilities, various chip vendors, operating system vendors, browser vendors, and cloud service vendors have released security bulletins and taken The corresponding measures to repair the vulnerability.
In fact, Intel had already learned about the vulnerability from Google in June last year. According to sources, Jann Horn reported the problem to the three major chip manufacturers in June 2017, but it was not taken seriously. With timely processing. Under normal circumstances, it is customary for information industry companies to lag behind the disclosure of security vulnerabilities. The purpose is to find a means of repair before the disclosure of vulnerability information to prevent hackers from quickly exploiting vulnerability information to launch attacks. However, Intel did not announce it in the past six months after the vulnerability was discovered. The reason for this is also speculative.
Interestingly, after Intel learned about these two vulnerabilities, it not only did not pay attention to it, and did not submit the vulnerability to the US government. That is to say, before the public was informed of the vulnerability information, the US government did not know the existence of these vulnerabilities. In the face of the inquiry, Intel said that they did not think it necessary to share the vulnerability information with the US government because the hackers did not exploit these vulnerabilities.
AMD chip vulnerabilities have been exposedCoincidentally, in addition to Intel's exposure to major vulnerabilities, an Israeli security company CTS Labs recently released a security white paper stating that there are 13 security holes in the chips sold on AMD.
The vulnerabilities pointed out by the CTS require administrator privileges to be discovered, and the disclosure of vulnerabilities affects AMD Ryzen desktop processors, Ryzen Pro enterprise processors, Ryzen mobile processors, and EPYC data center processors.
According to CTS, there are no mitigation measures for these vulnerabilities, and different vulnerabilities correspond to different platforms, 21 of which have been successfully utilized, and 11 are likely to be exploited.
Interestingly, in general, according to industry practice, these vulnerabilities are discovered and handed over to the relevant companies in advance, so that they have time to remedy the situation and avoid being used by other hackers. However, this time CTS did not communicate with AMD and released related vulnerabilities, which may cause great security risks.
Fortunately, unlike the fatal vulnerability that Intel can exploit through remote cracking, these security vulnerabilities announced by CTS are basically special conditions that need to be built into the specially crafted BIOS, obtain administrator privileges, and install specific unsigned drivers. In order to trigger, such harsh conditions are almost tantamount to breaking into other people's homes and stealing computer hosts.
And just after the Intel vulnerability incident, the AMD chip vulnerability was exposed, and there was no direct communication. The reason was intriguing.
Network security issues can not be underestimatedOf course, in any case, the chip vulnerability is constantly exposed, which also indicates that the current network security situation is very bad. From a technical perspective, cybersecurity is an eternal topic. After all, no company that is engaged in cybersecurity can guarantee that it is impeccable. Moreover, when hackers look for vulnerabilities, cybersecurity maintainers can only passively defend, so passive defense will always be found flawed.
Since it cannot be completely banned from the technical level, the intelligent conversion idea is limited from the legal level. At this year's two sessions, the issue of cybersecurity has also attracted a lot of people's attention, and there are already relevant policies and regulations to escort cyber security.
On June 1, 2017, the "Network Security Law of the People's Republic of China" was officially implemented. This "Network Security Law" has three basic principles, that is, the principle of cyberspace sovereignty, the principle of network security and informatization development, and common governance. in principle. These three principles also clarify the boundaries of the network, delineate government responsibilities, and raise cybersecurity to the national level.
Establishing a sound network and information security laws and regulations, and building a new network and information security governance system is also the direction of national network security. Although it cannot be said that these regulations will be completely solved, the network security problem will be completely solved, but the reduction is still foreseeable. of.
summarySince the invention of the Internet, the attack and defense of network security has continued to this day. Although the hacking behavior against ordinary people has been greatly reduced with the development of the times, this does not mean that their harm is weakened. On the contrary, these The attacks are basically concentrated in major enterprises and important state institutions, and network security is at stake.
The introduction of relevant policies can effectively reduce hackers' unwarranted attacks, but the behaviors that go straight to the interests are like nothing. The cyber security is not only prohibited by the law alone, but also requires the joint efforts of cyber security personnel and the government. OK, this battle is also destined to be lasting, and it must be hard.
The above is about the embedded medium-chip vulnerability frequently exposed network security crisis, if you want to know more information, please pay attention to eeworld, eeworld electronic engineering will provide you with more complete, more detailed, updated information.
Solar Home Lighting System Kit
SHENZHEN CHONDEKUAI TECHNOLOGY CO.LTD , https://www.siheyidz.com