Earlier this month, massive security flaws were disclosed in Intel, AMD, and ARM processors from as long ago as 1995. The discovery has massive implications throughout the tech world, since Intel chips are used in such a wide variety of hardware, ranging from desktop computers to laptops to smartphones. Virtually every single modern computing device is affected by these flaws. While Intel is rightly facing criticism for the design flaws, the problem is broader and multifaceted.
Researchers detailed two flaws. The first, nicknamed Meltdown, is believed to affect most of Intel’s processors since the 1990s, with the exception of Itanium server chips and Atom processors manufactured before 2013, products largely used in servers and enterprise environments. By exploiting the Meltdown flaw, hackers could circumvent the separation between user-run applications and the core memory of a computer. Since a fix for the flaw would necessitate changes to the way the operating system handles memory, patches could slow down these devices significantly. Initial estimates have said some tasks could be slowed by as much as 30 percent by a fix to address the Meltdown flaw.
The other flaw, which is being called Spectre, affects processors from Intel, AMD, and ARM. This flaw could enable hackers to extract information from otherwise error-free applications. While this flaw is predicted to be tougher to fix, it is also a harder flaw for hackers to exploit.
Intel said in a statement:
“Intel has begun providing software and firmware updates to mitigate these exploits. Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Google and security researchers who investigated and identified the flaws said it was not known whether hackers had already exploited either one.
At the Consumer Electronics Show in Las Vegas last week, Intel chief Brian Krzanich discussed efforts across the tech industry to solve the problem, but did not offer assurances that data had not already been stolen using the exploits.
Intel is facing the kind of fallout one might expect after disclosing flaws with such a massive impact. In just the two days following the disclosure, shares fell a total of 5.2 percent. The company may face lawsuits over the patches, which could force users to purchase new hardware as a result of the slowdown. A lawsuit filed in San Jose, California, is seeking class-action status, in an effort to compensate consumers who had bought faulty chips. And the criticism has been fierce. Linus Torvalds, creator of the Linux OS, said the company should “take a long hard look” at the problem “and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.”
But in many ways, the problem is bigger than a single mistake by a single company. Intel manufactures 95 percent of chips used by cloud services, as well as corporate data centers.
Bryan Cantrill, who is chief technology officer for Joyent, a cloud service owned by Samsung, said, “We created a microprocessor monoculture. There are dangers associated with that.”
In recent decades, society has become increasingly dependent on digital technology, and relies on one company for the vast majority of its processors. This is inherently problematic.
Also, security issues aren’t going anywhere. Throughout the supply chain, manufacturers and users of technology need to be vigilant, using safe internet practices and staying one step ahead of hackers. The fact that researchers were able to find and address these flaws is a great sign.
Hackers will always find flaws in these systems to exploit. It’s generally impossible to guarantee 100 percent security for any system. To make your system unhackable, you would need to disconnect entirely from the internet, avoid using Word or PDF files, and take other extreme measures. In other words, it would be unusable for almost any modern consumer.
China’s effort at creating a hack-proof communication network required a £60-million fiber-optic cable running the 2,000 kilometers from Beijing to Shanghai. It uses “quantum encryption,” which stores encryption codes on individual photons of light. Even with these grandiose efforts, the idea of non-hackability is still only theoretical. The project will test whether it is truly unhackable by “inviting the finest hackers to attack our system,” according to the project’s leader.
The computer security industry must be as active as hackers in seeking out flaws and vulnerabilities, so in that sense, the disclosure is a step in the right direction. While it is indeed Intel’s responsibility to patch the flaws, and to create better architecture in the future, networks will always have to keep improving their security in an ongoing process.
For the average user, this is like taking basic precautions when walking down the street. Be aware, take a generally safe route, but don’t let the possibility of danger stop you from walking. Be sure to use safe internet practices: know the source of any downloads, use anti-malware software, and accept that these measures are part of using the internet. While everyone in the supply chain should work to enhance security, society as a whole should keep these vulnerabilities in mind as it becomes increasingly dependent on digital technology in general, and on Intel chips specifically. Just as individuals should keep physical copies of treasured family photos even once scanned, society needs to be sure traffic lights would still function in the worst conceivable cyber-attack.