An Intel bug

A significant vulnerability has been discovered in all Intel processor chips. Due to this vulnerability, players like Microsoft, Apple and Linux will have to update operating systems in computers from across the world.

The vulnerability was due to a serious flaw in the design system of the Intel chip.

Background

Intel Corporation (also known as Intel, stylized as intel) is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip makers based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactures motherboard chipsets, network interface controllers and integrated circuits, flash memory, graphics chips, embedded processors and other devices related to communications and computing. In 2016, its net income was reported as US$10.31 billion.

A microprocessor is a computer processor which incorporates the functions of a computer's central processing unit (CPU) on a single integrated circuit (IC), or at most a few integrated circuits. The microprocessor is a multipurpose, clock driven, register based, digital-integrated circuit which accepts binary data as input, processes it according to instructions stored in its memory, and provides results as output. Microprocessors contain both combinational logic and sequential digital logic.

Analysis

A significant vulnerability has been discovered in all Intel processor chips. Due to this vulnerability, players like Microsoft, Apple and Linux will have to update operating systems in computers from across the world.

It has been reported that it was researchers from Google Project Zero last year. A blogpost published by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager notes, “Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.”

Intel has responded noting this problem is not unique to Intel products. A statement published by the company read, “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits. Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

The bug allows normal user programs to access the protected memory in the kernel. A kernel is the core of an operating system. It’s a process that handles the most sensitive tasks in your system. The fix for this bug will considerably slow down computer performance by up to 30%. In response to the news, the NCSC said: "We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms." Intel said that it had planned on making news of this bug public sometime next week along with Google but it was leaked prior to that. Generally, when researchers find a flaw in a system, they reach out to the parent company in a bid to fix it before malicious parties can take advantage of the fact.

"It is significant but whether it will be exploited widely is another matter," said Prof Alan Woodward, from the University of Surrey. “The actual flaw is being rather tightly kept under wraps but from what researchers have gleaned themselves, it's all to do with a flaw in the way certain Intel CPUs address certain types of memory. If it is really bad, then it may allow an exploit to read parts of the computer memory that should never be reached.”

Assessment

Our assessment is this security bugs could have made millions of computers vulnerable across the world. Hackers privy to this vulnerability could have created widespread damage. Similar to the security flaw found in Apple in 2017, Intel has rushed to ensure the problem is fixed. However, such developments are a signal that any digitized data is always at risk of being breached.