Earlier today, we reported that according to a press reports, Intel's computer chips were affected by a bug that makes them vulnerable to hacking. Specifically, The Register said the bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords, and making matters worse, all computers with Intel chips from the past 10 years appear to be affected. The news, which sent Intel's stock tumbling, was later confirmed by the company.
In a statement issued on Monday afternoon, Intel said it was working with chipmakers including Advanced Micro Devices Inc. and ARM Holdings, and operating system makers to develop an industrywide approach to resolving the issue that may affect a wide variety of products, adding that it has begun providing software to help mitigate the potential exploits. Computer slowdowns depend on the task being performed and for the average user “should not be significant and will be mitigated over time" the company promised despite much skepticism to the contrary.
As Bloomberg helpfully puts it, Intel's microprocessors "are the fundamental building block of the internet, corporate networks and PCs" and while Intel has added to its designs over the years trying to make computers less vulnerable to attack, arguing that hardware security is typically tougher to crack than software, there now appears to be a fundamental flaw in the design.
In a vain attempt to mitigate the damage, Intel claimed that the “flaw” was not unique to its products.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the Santa Clara, California-based company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
As Bloomberg writes, "the vulnerability may have consequences beyond just computers, and is not the result of a design or testing error." Here's how the bug "works":
All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case is that this predictive loading of instructions allows access to data that’s normally cordoned off securely, Intel Vice President Stephen Smith said on a conference call. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
Security vulnerability aside, the fix may be just as bad: it would result in a significant slowdown of the CPU, and the resultant machine.
Because the exploit takes advantage of a technology intended to accelerate the performance of the processors, the fix slows them, said the person. In devices with the current generation of Intel chips, the impact will be small, but it will be more significant on older processors. Microsoft is still looking at the impact on the speed of cloud services and how it will compensate paying customers, the person said.
"The techniques used to accelerate processors are common to the industry,” said Ian Batten, a computer science lecturer at the University of Birmingham in the U.K. who specializes in computer security. The fix being proposed will definitely result in slower operating times, but reports of slowdowns of 25 percent to 30 percent are “worst case” scenarios.