THAI AUTHORITIES are preparing to issue emergency recommendations to banks and the general public to mitigate the potential risks from a newly discovered threat in computer chips.
The so-called Spectre and Meltdown vulnerabilities affect the chips powering most modern PCs and many mobile devices. Researchers have published details of the flaw, which, unlike many previously discovered vulnerabilities, stems from the chip itself and how it safeguards private data stored on computers and networks.
Researchers at Google have also demonstrated how a hacker could exploit the flaw to get passwords, encryption codes and more, although there have been no reports of any attacks using the vulnerability at this stage. The potential of the threat is huge, as it affects major operating systems including Windows, Linux and Apple's.
In Thailand, Kitti Kosavisutte, chairman of the Thailand Banking Sector CERT (TB-CERT) Committee, said the country’s 14 commercial banks belonging to the Thai Banking Association will soon receive a set of recommendations about how to cope with the potential risks. The Thailand Computer Emergency Response Team (ThaiCERT) is then expected to issue recommendations for the general public, since the new chip-based flaw could affect billions of computers, mobile phones and other devices worldwide.
Thailand has more than 10 million mobile banking customers. Internet and mobile banking users are among those who could be affected, although there have been no reported incidents so far.
Kitti said member banks have exchanged information on the new threat and are closely monitoring the latest developments as experts prepare industry-wide guidelines to handle the situation.
Most previous cyber threats involved malware and ransomware, but this threat is from the very computer chips manufactured by ARM and Intel and installed on devices. Kitti said banks are in the process of updating patches to fix the problems, but they need time to prepare the remedies as their computer systems’ performance could also be affected.
Servers, desktops, laptops and mobile devices are all said to be vulnerable to the Meltdown and Spectre loopholes.
Thai banks will have to update patches on thousands of computer servers and tens of thousands of desktop computers, as well as a large number of laptop and mobile devices.
For servers, he said, the risks are relatively minor due to firewall protection. Desktop units have a higher risk, so Internet access has to be more strictly controlled to prevent hacking.
There are also vulnerabilities for mobile phones and laptop computers which will be addressed.
“The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes,” Mozilla researcher Luke Wagner wrote in a blog post.
The revelations “attack the foundational modern computer building block capability that enforces protection of the [operating system],” said Steve Grobman, chief technology officer at security firm McAfee. “Businesses and consumers should update operating systems and apply patches as soon as they become available.”
Computer chipmaking giant Intel – the focus of the first reports on the flaw – said the company and its partners “have made significant progress in deploying updates” to mitigate any threats.
– Number of mobile bank users:
– Kasikorn Bank: about 7 million
– Siam Commercial Bank: about 6 million
– New threat is chip-based
– Previous threats were malware, ransomware