Major security flaw exposed in most computers made in last decade
by Michael Oliveira, The Canadian Press
A glitch in ubiquitous Intel processing chips could put data on millions of computers at risk. It's prompted the U.S. chip giant to work secretly on a much-needed patch since late last year
TORONTO—Technology experts warn a “really, really serious” security vulnerability could affect the majority of computers made in the last decade, but a fix being rushed to users has a downside: it may slow down your machine.
Tech news website the Register reported a glitch has been identified with Intel processing chips—found in most computers, including Apple’s Macs—that could cause data to become vulnerable to hackers.
While software developers have been covertly working since late last year to address the widespread issue, news of the problem began spreading beyond the development community late Tuesday. Intel’s stock dropped about four per cent on Wednesday while the company’s main competitor AMD saw its stock surge by more than five per cent.
“This is a really, really serious problem,” said Vlado Keselj, a professor of computer science at Dalhousie University.
“The good news is I think it’s really hard to exploit this vulnerability. But it could just be a matter of time before someone manages to do that.”
In a statement released Wednesday, Intel attempted to downplay worries about the hardware issue, saying it believes hackers “do not have the potential to corrupt, modify or delete data.” The company also said a performance hit from a future software update “should not be significant and will be mitigated over time.”
Many details about the technical issue and possible solutions are still unknown. Intel said it had originally planned to disclose more information next week, once software updates were ready, but was compelled to release the statement after the issue began making headlines.
An update for the Linux operating system has already been released and has provided some clues to the extent of the problem. But Keselj noted that care was taken to strip developers’ notes and comments out of the update, which typically give some context around the changes that are found in a new software release.
“These patches are visible, anyone can open them and see what’s changed but developers removed comments. Without knowing exactly what the vulnerability is, it’s probably hard to exploit it, so it’s happening under the veil of secrecy which is probably good,” Keselj said.
“We don’t want somebody to be able to exploit this before updates are made.”
Keselj speculated the average user might not notice a dramatic drop in their computer’s performance and even gamers may not suffer a significant slowdown. But businesses that use enterprise software for running database servers could see an appreciable change in performance, which would put pressure on Intel, Keselj said.
Prof. Raphael Khoury of the Universite du Quebec a Chicoutimi said it’s not unusual for major software or hardware vulnerabilities to go undetected for a long time but it’s good Intel is releasing its fix before damage could be done.
“Maybe the initial patch will have a substantial slowdown and then in the coming weeks they can take their time to produce a better fix,” Khoury said.
“It’s better to initially suffer through this slowdown, at least we’re secure.”
Beyond just computers, there are many consumer devices nowadays that run off sophisticated hardware that could be open to similar vulnerabilities, said Prof. Sebastian Fischmeister of the University of Waterloo, adding that connected cars and high-tech medical devices are also susceptible.
“If you don’t upgrade them then you have a lingering potential security problem,” said Fischmeister. “If you upgrade them then you have potential performance degradation that wasn’t anticipated during testing, so suddenly your (technology) might no longer work.”