What you need to know about the big chip security problem
(Bloomberg) -- Intel Corp. said Wednesday that most of the processors running the world’s computers and smartphones have a feature that makes them susceptible to attack. The largest chipmaker is working with rivals and partners on a fix, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.
What’s the problem?
Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones zippy. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data that had been thought to be secure. In a worst-case scenario that would let someone access your passwords.
How bad is it?
This won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. There’s been no report so far of anyone’s computer being attacked in this manner, but in theory this puts important data at risk. Hardware and chip-level security has long been pushed by the industry as more tamper-proof than software. Those claims may have been overstated.
Why are we talking about this now?
This vulnerability was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place and investors initially panicked thinking it was all an Intel problem.
What’s being done to fix it?
Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said this industrywide effort will roll out over the next few weeks. Amazon.com Inc. said "all but a small single-digit percentage" of its servers have already been protected. In a blog post, Google said its security teams immediately "mobilized to defend" its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is patching its cloud services, Microsoft said in a statement.
Is this an Intel problem?
Intel said it’s an issue for all modern processors. Rival Advanced Micro Devices Inc. stated that its products are at "near zero risk." ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could "result in small pieces of data being accessed" and advised users of its technology to keep their software up to date. Google fingered all three companies.
What will the fallout be?
Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as three percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.
--With assistance from Dina Bass and Mark Bergen