It was revealed in January 2018 that Intel CPUs featured a serious security flaw that affected the majority of devices on the market. Now, a new security risk related to the original flaw has prompted Intel to offer consumers the choice of turning on its chips or leaving them off.
The original problem affected every modern CPU using designed with a feature intended to increase speed was at risk for falling victim to Spectre bug.
Additionally, it was not only Intel CPUs affected. iPhones, laptops, and Gmail were also at risk. Microsoft issued the following statement after the risk became public:
“Microsoft is aware of the recently discovered security flaw that impacts chips from several different manufacturers. Many devices and applications will be affected by this flaw, including any operating systems such as Windows that run on the affected chips.”Nearly every single server that hosts data in the cloud is linked to Intel and therefore at risk.
Not to mention the additional exposure the feature causes related to Meltdown, a secondary security risk for some of the devices affected.
Patch to Fix the Problem Offered Only a Partial Solution
Despite the patch developed after months of trying to fix the problem, the solution resulted in performance issues. Installing the patch meant data would be crunched slower and the performance of the device would be negatively affected – some estimates show a slowdown of at least 25 percent.
Not to mention there was a bug discovered in the patches that caused processors to boot more than they should – sometimes abruptly.
Furthermore, the solution that was created only worked in some older processors, including the Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Wolfdale line, and the Yorkfield line. The rebooting issue has since been fixed, but the problem is far from being completely resolved.
Complicating matters further, the CEO of Intel at the time sold millions of dollars in stock around the same time he learned of the security flaw, though he stated the sale was unrelated to his knowledge of the security flaw.
Legal action was taken against the company, primarily in the form of class action suits in several states.
New Vulnerabilities Discovered
In May, it was announced that a new vulnerability – Speculative Store Bypass or Varian 4 – could affect chips from Intel and other manufacturers. The flaw impacts a broad range of modern computing chips that are related to the issues with Spectre and Meltdown.
The problem means data, including passwords, could be read by hackers because of speculative execution, which is essentially the chip predicting what users will do next.
As a result of these new flaws discovered, Intel announced it would ship its chips with the patches turned off, and allow users to turn them on if they so choose.