Intel CEO says chip fixes on the way
Promises 90% of processors made in the past five years to get patches in next week
LAS VEGAS— Intel has big plans to steer toward new business in selfdriving cars, virtual reality and other cutting-edge technologies. But first it has to pull out of a skid caused by a serious security flaw in its processor chips, which undergird many of the world’s smartphones and personal computers.
Intel CEO Brian Krzanich opened his keynote talk Monday night at the annual CES gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week. At an event known for its technological optimism, it was an unusually sober and high-profile re- minder of the information security and privacy dangers lurking beneath many of the tech industry’s gee-whiz wonders.
Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed short of a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies from Microsoft to Apple have announced efforts to patch the vulnerabilities.
And Krzanich promised fixes in the coming week to 90 per cent of the processors Intel has made in the past five years, consistent with an earlier statement from the company. He added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
To date, he said, Intel has seen no sign that anyone has stolen data by exploiting the two vulnerabilities, known as Meltdown and Spectre.
The problems were disclosed last week by Google’s Project Zero security team and other researchers. Krzanich commended the “remarkable” collaboration among tech companies to address what he called an “industry-wide” problem.
While Meltdown is believed to primarily affect processors built by Intel, Spectre also affects many of the company’s rivals.
Both bugs could be exploited through what’s known as a sidechannel attack that could extract passwords and other sensitive data from the chip’s memory.
Krzanich himself has been in the spotlight over the security issue after it was revealed that he had sold about $39 million (U.S.) in his own Intel stocks and options in late November, before the vulnerability was publicly known.
Intel says it was notified about the bugs in June.
The company didn’t respond to inquiries about the timing of Krzanich’s divestments, but a spokesperson said it was unrelated to the security flaws.