January 5, 2018
Intel confirmed a report indicating that its microprocessor chips contain two major security flaws, which make the vast majority of the world's computers vulnerable to hacking. Intel is working with Advanced Micro Devices (AMD), ARM Holdings and other chipmakers and operating system providers to develop a comprehensive, industry-wide approach to combating the potential problems. The two major security flaws, dubbed Meltdown and Spectre, could let hackers access the entire memory contents of computers.
The New York Times notes that at risk are “mobile devices, personal computers, servers running in so-called cloud computer networks.” The scope of the problem is vast, since, say researchers, the Meltdown flaw “affects virtually every microprocessor made by Intel,” whose chips are in “more than 90 percent of the computer servers that underpin the Internet and private business operations.”
Researchers say, “there is no easy fix for Spectre, which could require redesigning the processors,” and that the software patch needed to fix Meltdown “could slow down computers by as much as 30 percent.” Meltdown is particularly problematic for cloud computing services.
“What actually happens with these flaws is different and what you do about them is different,” said researcher Paul Kocher, “who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.”
Google and Microsoft say they have dealt with the flaw in an update, and Amazon, with regard to its Amazon Web Services, said it will use the Microsoft patch. Cloud services are vulnerable because hackers could simply rent space there and then grab information such as passwords, since “it is uncommon for … a single server to be dedicated to a single customer.” Microsoft customers will also need to install an update.
The open-source Linux community has already posted a patch for that operating system. Apple has a partial fix and plans an additional update. But it’s not a perfect fix since patches, says independent software developer Andres Freund, “could slow the performance of affected machines by 20 to 30 percent.”
Bloomberg reports that Intel stresses that the issue is not a “bug,” stating that it “believes these exploits do not have the potential to corrupt, modify or delete data.” Intel chips made in the last ten years appear to be the ones impacted by the flaws, although, “in devices with the current generation of Intel chips, the impact will be small” compared to older processors.
Forrester Research analyst Frank Gillett says that cloud computing providers “will have to upgrade software to work around the potential vulnerability, which will require additional lines of code, computing power and energy to perform the same functions while maintaining security.”
“When you’re running billions of servers, a 5 percent hit is huge,” said Gillett, who added that, “cloud providers will likely have to throttle back the pace of new customers accessing their data centers while they take servers down to fix the problem, and there could be a price spike for servers as demand surges.”
Intel Wrestled With Chip Flaws for Months, The Wall Street Journal, 1/4/18
Apple Says All Macs, iPhones and iPads Exposed to Chip Security Flaws, Bloomberg, 1/5/18
Intel’s CEO Sold Off the Majority of His Stock After Finding Out About the Chip Flaws, Quartz, 1/4/17