OS Vendors Misinterpret Intel Documentation, Putting Users at Risk
Today’s topics include misunderstood Intel documentation leading to a multivendor vulnerability, and Google’s Duplex voice response system sounding more authentic due to improved AI.
Major operating system vendors including Microsoft and Apple, as well as Linux distributions, misinterpreted Intel documentation about a hardware debugging feature and ended up exposing users to risk because they enabled unauthenticated users to read sensitive data in memory or control low-level operating system functions.
The flaw was publicly reported on May 8 by researchers Nick Peterson of Everdox Tech and Nemanja Mulasmajic of triplefault.io, though impacted vendors were notified on April 30 and have already released patches.
Mulasmajic wrote on Twitter, "We've got working exploit code for Windows (should work on Linux too) on both Intel and AMD hardware. We do plan on releasing it after we give a presentation/talk in the near future."
Google debuted last week its Google Duplex outgoing interactive voice response system, which is programmed to sound and act like a real person.
IVR systems are not new, and Google Duplex isn’t even the first outgoing IVR system that’s based on artificial intelligence. Similar IVR systems are populating call centers, usually acting as a first line of customer service.
However, the voice response in Google Duplex has become marginally better and more human. The competence of the AI that operates in the background has also improved, making responses to human interaction more natural.
Google is now focusing on using Duplex with Google Assistant, its virtual assistant that works in its Google Home speaker as well as a number of other devices ranging from mobile phones to television sets.