Two Worcester Polytechnic Institute researchers and a team they lead have discovered what the school says are serious security vulnerabilities in computer chips affecting laptop, desktop and other users around the world.
The issues — which have since been addressed, WPI says — were in computer chips made by California-based Intel Corp. and the Swiss firm STMicroelectronics. The flaws would have allowed hackers to steal information supposed to be stored securely, compromising a computer’s operating system.
“If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised,” said Berk Sunar, professor of electrical and computer engineering and leader of WPI’s Vernam Lab, which focuses on applied cryptography and computer security research.
“This chip is meant to be the root of trust. If a hacker gains control of that, they’ve got the keys to the castle,” Sunar said in a statement with WPI’s announcement of the discovery of the flaw on Tuesday.
Sunar and another WPI researcher, Daniel Moghimi, worked with Thomas Eisenbarth, a professor of information technology security at the University of Lubeck in Germany, and Nadia Heninger, an associate professor of computer science and engineering at the University of California San Diego.
Sunar and Moghimi routinely search for security flaws in software, hardware and networks, WPI said. They report them to the companies so the problems can be patched before malicious hackers exploit them.
