Intel Corp. confirmed a report saying that its chips contain a feature that makes them vulnerable to hacking, though it said other companies’ semiconductors are also susceptible.
Intel is working with chipmakers including Advanced Micro Devices Inc. and ARM Holdings, and operating system makers to develop an industrywide approach to resolving the issue, the company said on Jan. 3.
Intel said it has begun providing software to help mitigate the potential exploits. Computer slowdowns depend on the task being performed and for the average user “should not be significant and will be mitigated over time.”
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the Santa Clara, Calif-.based company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
Intel’s microprocessors are the fundamental building block of the internet, corporate networks and PCs. The company has added to its designs over the years trying to make computers less vulnerable to attack, arguing that hardware security is typically tougher to crack than software. Reports about exploits caused by a “bug” or a “flaw” that are unique to its products are incorrect, Intel said.
“The techniques used to accelerate processors are common to the industry,” said Ian Batten, a computer science lecturer at the University of Birmingham in the U.K. who specializes in computer security. The fix being proposed will definitely result in slower operating times, but reports of slowdowns of 25 percent to 30 percent are “worst case” scenarios, he said.
On Jan. 2, the technology website The Register said a bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords. All computers with Intel chips from the past 10 years appear to be affected, the report said.
The vulnerability may have consequences beyond just computers, and is not the result of a design or testing error. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case, according to people familiar with the issue, is that this predictive loading of instructions allows access to data that’s normally cordoned off securely. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
By Ian King