Is your computer safe from hackers?

This week, Google announced the discovery of three design flaws in processors of computers, tablets and smartphones that could let hackers access data. Dmitri Alperovitch, co-founder of CrowdStrike, tells Hari Sreenivasan about the vulnerabilities and what’s being done to address them.

  • Judy Woodruff:

    Now, the discovery of a cyber-security risk that could potentially jeopardize billions of computers, smartphones and the cloud system, where information is stored.

    Fixes are on the way, but they present their own problems.

    Hari Sreenivasan gets the latest on what's prompting these worries and what technology companies are doing to stop potential hacks.

  • Hari Sreenivasan:

    The risks were first discovered last year. Then stories about those risks were published earlier this week on the Web.

    The problem: design flaws in microprocessors, including those made by companies such as Intel, AMD and others, that could allow hackers to potentially access servers and customer data.

    It's not just the individual computers, but also services that exist in the cloud. Researchers at Google say that nearly every processor made since 1995 could be at risk.

    There are fixes in some cases, better known as patches, but they may be slow and they may slow systems down.

    To help us understand more about all this is Dmitri Alperovitch. He is the founder of the cyber-security firm CrowdStrike.

    Dmitri, help us understand what these flaws are. There's more than just one.

  • Dmitri Alperovitch:

    There are actually three of them that were discovered by Google last year. And they are very insidious.

    They're essentially design flaws in these processors that take advantage of the optimizations that these processors rolled out 20 years ago to help run your code faster on these computers.

    And, of course, the processors are the brains of these computing devices. They're responsible for all the computations that have taken place. They're inside your phone. They're inside your laptop. They're inside your servers.

    And what these researchers found out is that you can take advantage of the operations of these processors to actually get access to data that you're not supposed to have when you're running your code.

    So it really mostly impacts computers where you have shared users.

  • Hari Sreenivasan:

    OK. So, you're in the risk assessment business. What's our exposure here as average customers or even as businesses?

  • Dmitri Alperovitch:

    Well, the important thing that people need to understand is that this could have been much, much worse.

    Google first discovered this and started notifying vendors that have been working on these patches over six months ago. If this had been released and made public six months ago, we would have had a massive problem, because all these cloud services, whether they're Google, or Microsoft, or Amazon, would have been vulnerable.

    And so much of our data is stored there, when you think about our iPhones that store data in the Apple cloud, or Android phones store data in the Google cloud. So many services like Alexa send data to Amazon cloud and so forth. All of that data would have been vulnerable.

    The good thing is that, for the last six months, very, very quietly, a lot of these vendors worked together to mitigate the problem. And even though the patch got released a little bit early — the coordination release was supposed to actually happen on January 9 — it had to be accelerated.

    Most vendors were prepared and over the last 24 hours furiously were patching their systems. So, by now, most of these cloud providers are already safe.

  • Hari Sreenivasan:

    I mean, this seems like a very large ecosystem to try to coordinate. You have people that sell you the phones and computers. You have people that sell you software. You have people that sell you cloud services.

    All of them have to be on the same page and protect themselves at the same time.

  • Dmitri Alperovitch:

    Well, this particular vulnerability or set of vulnerabilities is actually the nightmare scenario.

    It impacts not just the processors. It impacts operating system vendors like Microsoft, and Apple and Linux. It impacts browsers. So, all the major browsers had to get updated as well. It impacts virtualization providers.

    So, all of that very complex ecosystem had to work together the last six months to release a patch and do so quietly, because no one wanted the criminals to get ahold of this before the patches were ready.

  • Hari Sreenivasan:

    So, Dmitri, on the one hand, you're saying that it might not affect end consumers on their laptops as much.

    But you are also describing a nightmare scenario for cloud service providers. So, how should we parse this?

  • Dmitri Alperovitch:

    Well, what you should be doing is, you should be asking of your vendors, particularly cloud providers and others that store your data, whether they're fully patched for this vulnerability, because, if they're not, that data is at extreme risk for someone being able to steal it.

  • Hari Sreenivasan:

    And, finally, how long are all of these patches going to take? You're talking about the physical hardware that is sitting inside millions of devices.

  • Dmitri Alperovitch:

    The important thing to understand is that to actually fix this vulnerability, you do need to replace the hardware. And that hardware is not available today. Those processors will probably take years to actually deliver to consumers.

    But the patches that are available are essentially mitigating the impact of this vulnerability. Unfortunately, some of them are actually disabling the optimizations, the performance optimizations that have been released by these processors over 20 years ago.

    And there is some performance impact that companies and individuals will see as a result of applying this patch. In most cases, for the modern systems that were bought in the last five years, that impact shouldn't be more than 5 percent degradation.

    But if you have older hardware, you may see a much more drastic impact.

  • Hari Sreenivasan:

    All right, Dmitri Alperovitch of CrowdStrike, thanks so much.

  • Dmitri Alperovitch:

    Thank you.
