Intel Chip users may be vulnerable to flaws that put devices at risk. The security vulnerabilities, called Spectre and Meltdown, may not just involve individual users but threaten companies who use cloud or other large-scale computing services like Amazon, Google, Microsoft, Apple and others.
Flaws in Intel processors leave sensitive information vulnerable. The flaws, called Meltdown and Spectre were announced in January of 2018, while additional flaw known as Speculative Store Bypass or Varian 4 was announced in May of 2018.
The security flaws may put devices at risk and allow for the theft of sensitive data, including passwords. Additionally, the fixes include security patches which may be cumbersome or difficult to install and once performed tend to degrade system performance and speed. As a result of continuing problems, Intel has announced that they will ship new devices with patches “off” and allow users to decide to install them or not.
Meltdown affects all Intel processors made since 1995, Spectre affects processors from a variety of firms, and Varian may affect chips from both Intel and other manufacturers. Essentially, every laptop, desktop, tablet, smartphone, and cloud computing system is threatened, including computing giants like Google, Amazon, Apple and others who offer services to end-users.
A January 2018 Intel Chip Class Action lawsuit has been filed against Intel for people who have purchased a computer since 2010.
What are Meltdown, Spectre and Varian?
Meltdown and Spectre are considered to be the largest security vulnerabilities in computing history, while Varian-4 runs close behind. Nearly every desktop, laptop, or notebook computer and many other devices are affected. The effects aren’t limited to consumer devices but also involve servers and systems used in large business and cloud computing as well, meaning that businesses and individuals who use contract cloud services like Amazon, Google, or Apple may still be at risk.
Meltdown is a flaw that puts computers at risk for hackers bypassing the hardware barrier between applications during use and the computer’s core memory – something that is usually well protected. Spectre presents a similar risk, but provides access to hackers and enables them to “trick” otherwise error-free applications into revealing sensitive information.
Speculative Store Bypass or Varian 4 could affect chips from Intel and other manufacturers. The flaw impacts a broad range of modern computing chips that are related to the issues with Spectre and Meltdown. The problem means data, including passwords, could be read by hackers because of speculative execution, which is essentially the chip predicting what users will do next.
Security patches issued to fix the flaws require extensive manipulation at the root directory level and may have significant negative impact on speed and performance of computers once installed.
What’s at Risk?
The core of the operating system, known as the kernel, is where sensitive information is stored and how other operations are controlled. Data that could be exposed to anyone exploiting the Meltdown or Spectre bugs could include:
- Banking records
- Credit cards
- Financial information
- Other secret information
Who’s Affected by Intel Chip Flaw?
In addition to individual consumers and businesses, cloud service providers including Apple, Google, Amazon, and Microsoft are also affected as well as smaller companies. These companies could be responsible for software and hardware fixes, but if not done correctly, leave users and businesses open to risk.
All of the big players that provide enterprise-level computer services have each reported being hopeful the problem won’t have a significant impact on performance. When the bugs were announced, in January 2018, Amazon said it was in the process of patching systems, while Google said that the majority of its systems have already been updated, but might need some additional customer action. Microsoft said it was in the process of deploying fixes to its cloud systems and Apple reported that they had been working behind the scenes to prepare for a coordinated response.
These problems have been a black mark on Intel’s reputation and could give other companies a bargaining chip in the future. It is not clear yet, exactly how much Meltdown and Spectre are going to cost. Banks and financial services firms are just beginning to investigate the impact of the problem.
Has Data Already Been Stolen?
According to the UK’s National Cyber Security Centre, it is unlikely Meltdown and Spectre are actively being used to steal data yet, but it’s possible, particularly if adequate fixes aren’t employed properly and promptly. People in the industry assume it won’t be long before hackers develop programs to launch attacks now that the information is available if they haven’t already.
Even more disturbing – there are little consumers can do about the problem. Fixes may be beyond the capability of most consumers or simply out of their control, particularly in light of those using cloud computing provided by Amazon, Apple, Google, Microsoft or other enterprise companies.
The best solutions available include updating computers with the latest security fixes already available for Linux and Windows. Chromebooks and Android devices running Google’s Nexus and Pixel smartphones are already protected. Apple advised customers to download the most recent update and to only use software from the App Store. Computing services have not any known exploits but are watchful.
Overall, security fixes and patches expected for Spectre are unlikely to significantly degrade systems, but there are concerns that Meltdown fixes will have a significant impact on both speed and performance.
This system degradation is because of the separation of the application and kernel memory required to prevent the flaws from being exploited. Separating the two memory systems means tasks that constantly require the kernel to do things could take much more time because the processor will need to switch back and forth between the application memory and the kernel memory.
Some predict up to 30 percent slower performance in some tasks. At the moment, the focus remains on fixing the problem, but the aftermath could last for years and set a historic precedent in cybersecurity. To add to Intel’s problems, additional security flaws may continue to emerge.
Legal action has been taken against the company, primarily in the form of class action suits in several states, but none have settled as of yet.