Intel CEO: Fixes on the way for serious chip flaws
LAS VEGAS — Intel has big plans to steer toward new business in self-driving cars, virtual reality and other cutting-edge technologies. But first it has to pull out of a skid caused by a serious security flaw in its processor chips, which undergird many of the world’s smartphones and personal computers.
Intel CEO Brian Krzanich opened his keynote talk Monday night at the annual CES gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week. At an event known for its technological optimism, it was an unusually sober and high-profile reminder of the information security and privacy dangers lurking beneath many of the tech industry’s gee-whiz wonders.
Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed short of a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies from Microsoft to Apple have announced efforts to patch the vulnerabilities.
And Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company . He added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
To date, he said, Intel has seen no sign that anyone has stolen data by exploiting the two vulnerabilities, known as Meltdown and Spectre. The problems were disclosed last week by Google’s Project Zero security team and other researchers. Krzanich commended the “remarkable” collaboration among tech companies to address what he called an “industry-wide” problem.
While Meltdown is believed to primarily affect processors built by Intel, Spectre also affects many of the company’s rivals. Flaws affecting the processor chips also endanger the PCs, internet browsers, cloud computing services and other technology that rely on them. Both bugs could be exploited through what’s known as a side-channel attack that could extract passwords and other sensitive data from the chip’s memory.
Krzanich himself has been in the spotlight over the security issue after it was revealed that he had sold about $39 million in his own Intel stocks and options in late November, before the vulnerability was publicly known. Intel says it was notified about the bugs in June.
The company didn’t respond to inquiries about the timing of Krzanich’s divestments, but a spokeswoman said it was unrelated to the security flaws.
During his presentation Monday, Krzanich also launched into a flashy and wide-ranging celebration of the way Intel and its partners are harnessing data for futuristic innovations, from 3D entertainment partnerships with Paramount Pictures to virtual-reality collaborations with the 2018 Winter Olympics and a new breakthrough in so-called quantum computing.
Microsoft said fixes for security flaws present in most processors may significantly slow down certain servers and dent the performance of some personal computers, the software maker’s first assessment of a global problem that Intel Corp. initially downplayed.
Microsoft’s statement suggests slowdowns could be more substantial than Intel previously indicated. While Intel CEO Brian Krzanich on Monday said the problem may be more pervasive than first thought, he didn’t discuss the degree of impact — only that some machines would be more affected than others.
Microsoft cautioned in a blog post that servers, the computers that underpin corporate networks, used for certain tasks may show “more significant impact.” Not all servers will be affected, it said. Microsoft, which didn’t provide specific numbers, said it is testing a variety of systems and will update users on what it finds.
PCs running Windows 10 and sold since 2016 will face slowdowns of less than 10 percent, which Microsoft said will probably not be noticeable to users. Customers with older Windows 10 PCs will notice some slowness because those machines contain older chips. Machines running Windows 7 and Windows 8 from 2015 or earlier will be the most affected with users noticing a decrease in system performance, Microsoft said.
On Jan. 3, Intel confirmed its chips contain a longstanding feature that makes them vulnerable to hacking. There are two main flaws, dubbed Meltdown and Spectre, and one or both are present in almost all of the billions of processors that run personal computers, servers and phones and could give attackers unauthorized access to data. The world’s largest technology companies are releasing software updates to patch these security holes, and there’s been intense debate about how much this will affect performance.