The world\u2019s biggest chipmakers and software companies, including Intel Corp. and Microsoft Corp., are coming to grips with a vulnerability that leaves vast numbers of computers and smartphones susceptible to hacking and performance slowdowns.<\/p>\n
Google researchers recently discovered that a feature, present in almost all of the billions of processors that run computers and phones around the world, could give cyberattackers unauthorized access to sensitive data — and whose remedy could drag on device performance. News of the weakness, found last year and reported Tuesday by The Register technology blog, weighed on shares of Intel, the biggest semiconductor maker, while boosting rivals including Advanced Micro Devices Inc. Intel\u2019s silence for most of Wednesday added to investors\u2019 unease.<\/p>\n
Late in the day, Intel, Microsoft, Google and other tech bellwethers issued statements aimed at reassuring customers and shareholders. Intel said its chips weren\u2019t the only ones affected and predicted no material effect on its business, while Microsoft, the largest software maker, said it released a security update to protect users of devices running Intel and other chips. Google, which said the issue affects Intel, AMD and ARM Holdings Plc chips, noted that it updated most of its systems and products with protections from attack. Amazon.com Inc., whose AWS is No. 1 in cloud computing, said most of its affected servers have already been secured.<\/p>\n
Hackers for decades have exploited security holes in software — for example, by inducing careless, unsuspecting users to open attachments that unleash viruses or other malware onto a device or network. The weakness uncovered by Google, by contrast, underscores the potential damage wreaked by vulnerabilities in hardware. Complex components, such as microprocessors, can be harder to fix and take longer to design from scratch if flawed.<\/p>\n
\u201cIt\u2019s a big one and it\u2019s a severe one. This gives an attacker capabilities that bypass the common operating system security controls that we\u2019ve relied on for 20 years,\u201d said Jeff Pollard, an analyst at Forrester Research. \u201cThere\u2019s big impact on both the consumer and enterprise.\u201d<\/p>\n
Intel\u2019s stock remained under pressure even after its statement.<\/p>\n
\u201cWe struggle to believe that Intel won\u2019t face some sort of financial liability,\u201d analysts at Sanford C. Bernstein wrote in a note.<\/p>\n
China\u2019s largest cloud computing services scrambled Thursday to address the issue. Domestic industry leader Alibaba Group Holding Ltd. said it planned to update its systems from 1 a.m. on Jan. 12 to handle potential chip security issues. Rival Tencent Holdings Ltd. said it was in touch with Intel on possible fixes but wasn\u2019t aware of any attempted attacks.<\/p>\n
Applying the operating system upgrades designed to remedy the flaw could hamper performance, security experts said. The Register reported that slowdowns could be as much as 30 percent — something Intel said would occur only in extremely unusual circumstances. Computer slowdowns will vary based on the task being performed and for the average user \u201cshould not be significant and will be mitigated over time,\u201d Intel said, adding that it has begun providing software to help limit potential exploits.<\/p>\n
Intel\u2019s efforts to play down the impact resulted in a war of words with AMD. Intel said it\u2019s working with chipmakers including AMD and ARM Holdings, as well as operating system makers to develop an industrywide approach to resolving the issue. AMD was quick to retort, saying, \u201cthere is near-zero risk\u201d to its processors because of differences in the way they are designed and built.<\/p>\n
The vulnerability doesn\u2019t just affect PCs. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they\u2019re likely to be asked to run next. By queuing up possible executions in advance, they\u2019re able to crunch data and run software much faster.<\/p>\n
The problem in this case is that this predictive loading of instructions allows access to data that\u2019s normally cordoned off securely, Intel Vice President Stephen Smith said on a conference call. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.<\/p>\n
\u201cThe techniques used to accelerate processors are common to the industry,\u201d said Ian Batten, a computer science lecturer at the University of Birmingham in the U.K. who specializes in computer security. The fix being proposed will definitely result in slower operating times, but reports of slowdowns of 25 percent to 30 percent are \u201cworst-case\u201d scenarios, he said.<\/p>\n
Intel Chief Executive Officer Brian Krzanich told CNBC that a researcher at Google made Intel aware of the issue \u201ca couple of months ago.\u201d<\/p>\n
\u201cOur process is, if we know the process is difficult to go in and exploit, and we can come up with a fix, we think we\u2019re better off to get the fix in place,\u201d Krzanich said, explaining how the company responded to the issue.<\/p>\n
Google, a unit of Alphabet Inc., identified the researcher as Jann Horn. While many of its products have already been protected, some customers of Android devices, Google laptops and its cloud services still need to take steps to patch security holes, the internet giant said.<\/p>\n
Microsoft on Wednesday released a security update for its Windows 10 operating system and older versions of the product to protect users of devices with chips from Intel, ARM and AMD, the company said in a statement. Late in the day, Microsoft said the majority of Azure cloud infrastructure has been updated with the fix and most customers won\u2019t see a noticeable slowdown with the update.<\/p>\n
\u201cWe have not received any information to indicate that these vulnerabilities had been used to attack our customers,\u201d Microsoft said. The fixes were originally planned for release on Jan. 9, but were rushed out Wednesday after the weakness was made public, according to a person familiar with the situation.<\/p>\n
Apple Inc. didn\u2019t respond to requests for comment about how the chip issue may be affecting the company\u2019s operating systems.<\/p>\n
Providers of computing power and services via the internet will have to upgrade software to work around the potential vulnerability, which will require additional lines of code, computing resources and energy to perform the same functions while maintaining security, said Frank Gillett, another analyst at Forrester.<\/p>\n
\u201cWhen you\u2019re running billions of servers, a 5 percent hit is huge,\u201d he said.<\/p>\n
The world\u2019s biggest chipmakers and software companies are coming to grips with a vulnerability that leaves vast numbers of computers and smartphones susceptible to hacking.<\/p>\n","protected":false},"author":341034,"featured_media":193274,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[167,131,123,15511],"class_list":["post-243436","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-google","tag-intel","tag-microsoft","tag-security-flaw"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/243436"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341034"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=243436"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/243436\/revisions"}],"predecessor-version":[{"id":243438,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/243436\/revisions\/243438"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/193274"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=243436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=243436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=243436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}