Intel Corp has said that most of the processors running the world's computers and smartphones have a feature that makes them susceptible to attack. The largest chipmaker is working with rivals and partners on a fix, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.
What's the problem?
Modern processors guess what they'll have to do next and fetch the data they think they'll need. That makes everything from supercomputers to smartphones zippy. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data that had been thought to be secure. In a worst-case scenario that would let someone access your passwords.
Intel CEO addresses security flaw concerns
Intel CEO Brian Krzanich says a patch will be available soon to fix flaws that affect virtually all modern computing devices, such as phones, tablets and computers.
How bad is it?
This won't stop your computer working and doesn't provide an avenue for hackers to put malicious software on your machine. There's been no report so far of anyone's computer being attacked in this manner, but in theory this puts important data at risk. Hardware and chip-level security has long been pushed by the industry as more tamper-proof than software. Those claims may have been overstated.
Why are we talking about this now?
This vulnerability was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place and investors initially panicked thinking it was all an Intel problem.
What's being done to fix it?
Chipmakers and operating system providers, such as Alphabet's Google and Microsoft, are rushing to create software patches that will close the potential window of attack. Intel said this industry-wide effort would roll out over the next few weeks. Amazon.com said "all but a small single-digit percentage" of its servers had already been protected. In a blog post, Google said its security teams immediately "mobilised to defend" its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still needed to take steps to patch security holes, the company said. Patches for Windows devices were out now and the company was patching its cloud services, Microsoft said in a statement.
Is this an Intel problem?
Intel said it was an issue for all modern processors. Rival Advanced Micro Devices stated that its products were at "near zero risk". ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could "result in small pieces of data being accessed" and advised users of its technology to keep their software up to date. Google fingered all three companies.
What will the fallout be?
Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 per cent or not at all. But in other rare situations, performance might be reduced as much as 30 per cent. The company doesn't expect any financial impact and said it thought customers would keep buying. As the fixes haven't been widely deployed yet, it's unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.
Bloomberg