Huge Intel CPU Security Risk Discovered On Virtually All their Current Chips
Early last year Intel and other technology companies were made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices.
Intel believes these exploits do not have the potential to corrupt, modify or delete data.
The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported “YET’. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.
According to Intel they are working with other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Updates for these flaws are being released now and are expected to slow down the performance of system after the updates are installed; however, the initial test don’t seem to show much of an effect on performance.
Here are the first few manufacturer findings after the initial updates:
- Apple: “Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.”
- Microsoft: “The majority of Azure customers should not see a noticeable performance impact with this update. We’ve worked to optimize the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied.”
- Amazon: “We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.”
- Google: “On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”
The situation is unfortunately still developing so we’re still yet to know how large a scale of effect this will have on the the manufacturer and consumers.
Earlier today The Guardian published an article citing that three separate class-action lawsuits have been filed against Intel by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June 2017. They also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor.
This whole situation is a mess that is going to affect a lot of PC users due to Intel’s majority hold on the PC CPU market. With this issue we could likely see AMD, Intel’s biggest competitor take a much larger stake over the PC CPU market. As for current Intel users we recommend updating all of your software immediately just to be sure that your data isn’t at any security risk. We’ll try to update this story as soon as we have more information on it.