Just recently one of the worst hardware based security flaws of all time (and there have been plenty) was made public. It affects nearly all Intel processors launched in the past decade, and it allows any attacker to gain access to information stored on the machine, regardless of its operating system. It was also discovered that the problem can extend to other architectures like AMD or ARM, which is found in a huge portion of mobile devices. As such, we are going to explain if this problem can affect an Android smartphone or not.
What exactly is ‘Intelgate’?
On January 2nd, the British newspaper The Register published details about the problem, although it was already well known in certain sectors. It’s a security flaw at the hardware level, and it relates to critical memory scripts that allow an attacker to gain admin access and easily get into any part of the system. Another problem concerns the isolation of applications in the same system, meaning that a person could use the exploit to gain access to information stored by other programs. Since the problem can’t be solved physically, the solution lies in security patches released by operating system developers to isolate the flaw, even though the fix may have a negative impact on the processing speed of the system. Initial estimates put the decrease at 5 to 30%, although it’s very relative and the consequences have yet to be seen.
As mentioned previously, the problem appears to have already been known, and Intel recently launched a notice that they intend to resolve the problem and affirmed that it affects not only their system, but also AMD and ARM processors. Tech giants like Microsoft and Google are already taking matters into their own hands by releasing security patches which are already being distributed, in addition to expanding their own inquiries into the issue alongside others. There are different versions of the exploit, which have already been named: the partners in crime are called Spectre and Meltdown. This website has a lot of information uncovered so far as well as its possible scope.
How does this affect my Android devices?
Without going into details, we are going to concentrate on one issue: ARM architecture is present in an endless number of Android devices, used by many processor manufacturers. Axios has confirmed that the exploit Spectre affects the Cortex-A line, which is used by the vast majority of brands on the market. At the moment Intel only has repercussions on Intel. One way to check if your devices use ARM architecture is to use tools like CPU-Z.
Google, ahead of others as always, confirmed that they have known about the problem since last year, and are already working on patches to fix the exploit. In this table you can see how this affects its products. On January 23rd they will launch an update for Chrome that adds an option to ‘isolate sites‘. Although they have confirmed that their browser isn’t affected, the truth is that there are many users who found the opposite. One temporary solution is to activate the precaution manually by typing ‘chrome://flags’ into the browser, but this will only affect the normal functions of the application.
As for the operating system, the first week of 2018 has already brought the release of an official security patch for Android that tackles the problem, although at the moment only for Pixel and Nexus devices. And as seen countless times before, many companies take several months to implement these updates into their own modified versions of Android. Seeing how things are going, we almost recommend updating your system as soon as possible via OTA. But for now we are remaining calm, because Google has affirmed that it would be very difficult for anyone to take advantage of the vulnerability on Android. If Google says it, that’s good enough for us.
But it’s not all bad news, as Google has also confirmed that none of its cloud apps (Chrome, Photos, Calendar, etc.) appear to be affected, and by extension neither are its external hardware products like Chromecast or Google Home.