The world’s biggest chipmakers and software companies, including Intel Corp. and Microsoft Corp., are coming to grips with a vulnerability that leaves vast numbers of computers and smartphones susceptible to hacking and performance slowdowns.
Google researchers recently discovered that a feature, present in almost all of the billions of processors that run computers and phones around the world, could give cyberattackers unauthorized access to sensitive data—and whose remedy could drag on device performance. News of the weakness, found last year and reported Jan. 2 by The Register technology blog, weighed on shares of Intel, the biggest semiconductor maker, while boosting rivals including Advanced Micro Devices Inc. Intel’s silence for most of Jan. 3 added to investors’ unease.
Late in the day, Intel, Microsoft, Google, and other tech bellwethers issued statements aimed at reassuring customers and shareholders. Intel said its chips weren’t the only ones affected and predicted no material effect on its business, while Microsoft, the largest software maker, said it released a security update to protect users of devices running Intel and other chips. Google, which said the issue affects Intel, AMD, and ARM Holdings Plc chips, noted that it updated most of its systems and products with protections from attack. Amazon.com Inc., whose AWS is No. 1 in cloud computing, said most of its affected servers have already been secured.
Hackers for decades have exploited security holes in software—for example, by inducing careless, unsuspecting users to open attachments that unleash viruses or other malware onto a device or network. The weakness uncovered by Google, by contrast, underscores the potential damage wreaked by vulnerabilities in hardware. Complex components, such as microprocessors, can be harder to fix and take longer to design from scratch if flawed.
Intel’s stock remained under pressure even after its statement.
China’s largest cloud computing services scrambled Jan. 4 to address the issue. Domestic industry leader Alibaba Group Holding Ltd. said it planned to update its systems from 1 a.m. on Jan. 12 to handle potential chip security issues. Rival Tencent Holdings Ltd. said it was in touch with Intel on possible fixes but wasn’t aware of any attempted attacks.
Applying the operating system upgrades designed to remedy the flaw could hamper performance, security experts said. The Register reported that slowdowns could be as much as 30%—something Intel said would occur only in extremely unusual circumstances. Computer slowdowns will vary based on the task being performed and for the average user “should not be significant and will be mitigated over time,” Intel said, adding that it has begun providing software to help limit potential exploits.
Intel’s efforts to play down the impact resulted in a war of words with AMD. Intel said it’s working with chipmakers including AMD and ARM Holdings, as well as operating system makers to develop an industry wide approach to resolving the issue. AMD was quick to retort, saying, “there is near-zero risk” to its processors because of differences in the way they are designed and built.
The vulnerability doesn’t just affect PCs. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case is that this predictive loading of instructions allows access to data that’s normally cordoned off securely, Intel Vice President Stephen Smith said on a conference call. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
Microsoft on Jan. 3 released a security update for its Windows 10 operating system and older versions of the product to protect users of devices with chips from Intel, ARM and AMD, the company said in a statement. Late in the day, Microsoft said the majority of Azure cloud infrastructure has been updated with the fix and most customers won’t see a noticeable slowdown with the update.
Apple Inc. didn’t respond to requests for comment about how the chip issue may be affecting the company’s operating systems.