Intel says range of chips are vulnerable to hack, denies ‘bug’
Chipmakers, operating system makers working to resolve industrywide issue
Intel confirmed a report saying that its chips contain a feature that makes them vulnerable to hacking, though it said other companies’ semiconductors are also susceptible.
Intel is working with chipmakers including Advanced Micro Devices and ARM Holdings, and operating system makers to develop an industrywide approach to resolving the issue that may affect a wide variety of products, the company said Wednesday in a statement. Intel said it has begun providing software to help mitigate the potential exploits. Computer
slowdowns depend on the task being performed and for the average user “should not be significant and will be mitigated over time.”
The company’s microprocessors are the fundamental building block of the internet, corporate networks and PCs. Intel has added to its designs over the years trying to make computers less
vulnerable to attack, arguing that hardware security is typically tougher to crack than software. Reports about exploits caused by a “bug” or a “flaw” that are unique to its products are incorrect, Intel said.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the Santa Clara, Californiabased company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
On Tuesday, the technology website The Register said a bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords. All computers with Intel chips from the past 10 years appear to be affected, the report said.
The vulnerability may have consequences beyond just computers, and is not the result of a design or testing error. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case is that this predictive loading of instructions allows access to data that’s normally cordoned off securely, Intel Vice President Stephen Smith said on a conference call. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
“To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants,” the company said in a statement.