You are here: Home » International » News » Technology
Business Standard

Intel faces scrutiny as questions swirl over computer chip security

The cause of the new public relations crisis for Intel are Meltdown and Spectre. Meltdown affects only Intel chips

Don Clark  |  San Francisco 

Intel, chip falw, intel chips, spectre, meltdown, google
Intel Chip

In 1994, after facing a public relations crisis over an elusive mathematics glitch that affected the accuracy of calculations made by its popular Pentium computer chips, Intel faces another one more than two decades later. But, now it is an even bigger test.

Two serious security issues with its chips that could have implications for nearly everyone touched by computing. And so far — in something of a repeat of the 1994 incident — Intel has failed to quiet critics, putting it in an awkward position this week as its chief executive prepares to take the stage at one of the world’s biggest tech trade shows.

The cause of the new public relations crisis is the disclosure last week of two new ways to filch data from the microprocessors inside nearly all of the world’s computers; they are known as and “It is a very big deal, because it’s an area people haven’t looked at before,” said Bruce Schneier, a computer security expert and lecturer at the John F Kennedy School of Government at Harvard. “Everybody is going to start now.” Intel was privately informed of the issues by security researchers in June.

The company, which has rejected doing a chip recall or other costly remedies, said it has quietly marshaled a coalition of software, hardware and cloud services to develop and deploy programming tweaks that are designed to close most of the security gaps.

Intel and its partners said the fixes should be largely in place this week. “We’ve gotten much more mature in our ability to respond,” said Steven L Smith, an Intel vice president who was closely involved in the Pentium crisis and is now overseeing new security issues. But how well the proposed fixes work remains uncertain, putting Brian Krzanich, Intel’s chief executive, in the hot seat. Krzanich is scheduled to help kick off the CES trade show, one of the biggest tech conventions of the year, at a Las Vegas hotel on Monday night. He might address the chip security problems and artificial intelligence, virtual reality etc.

Adding to Intel’s image challenges is that Mr. Krzanich sold about $39 million in Intel shares in late November, after the company learned of the chip security problems. A company spokesman said the sale had been unrelated to the security issues and followed a prearranged annual trading plan. Mr. Krzanich, who reduced his holdings by about 50 percent, “continues to hold shares in line with corporate guidelines,” Intel said.

and were identified by a team at Google, with their work augmented by researchers from other organizations. affects only Intel chips. also affects chip designs from companies such Advanced Micro Devices and ARM Holdings, whose is used in most smartphones.

Intel, largely by virtue of its success, has the most at stake. While the Pentium chip underpinned most PCs running Microsoft operating systems in 1994, Intel processors are now also used in all Macintosh systems and more than 95 percent of the chips used by cloud services and data centers run by corporations. Its technological reach means that both and could affect just about anyone who uses the internet.

“We created a microprocessor monoculture,” said Bryan Cantrill, chief officer at Joyent, a cloud service owned by Samsung. “There are dangers associated with that.”

Intel’s situation is complicated by history and semantics. The Pentium problem was caused by a design error. But and attacks exploit a common speed-boosting technique in chips called speculative execution that Intel’s Mr. Smith insisted is working as it should. That approach to chip design emerged before researchers developed new ways to spy on such internal operations, using what they call “side-channel” analysis, Mr. Smith said.

As a result, the security issues that were discovered were not flaws or bugs, he said. The features that hackers could exploit are a bit like a door or window in a house, which burglars can exploit but that builders would not consider leaving out.

That hasn’t stopped an uproar from security researchers and tech industry executives. One widely distributed barb came from Linus Torvalds, the creator of the Linux operating system, who posted a testy message last week advising Intel to “take a long hard look” at its chips “and actually admit that they have issues instead of writing P.R. blurbs that say that everything works as designed.”

Major users of Intel chips — including and the cloud computing arms of and Amazon — have said they deployed security fixes recommended by Intel and so far they have not reported the sharp performance slowdowns of the sort some experts projected.

But the solutions are far from perfect. While Meltdown’s effects can be mitigated with updated operating systems, countering requires more complex steps like updating computer code stored in the chips themselves — or in some applications like web browsers, Intel recommends inserting special instructions in places that security professionals said may be hard to identify.

Mr. Smith said Intel and its partners had originally planned to disclose the security problems and their proposed solutions on Jan. 9, before the news was broken last week in The Register, a tech publication. Mr. Smith said the company did not disclose the issues when they were informed of them in June because Intel needed time to analyze the issues and then develop and test remedies.

Many security professionals said they accepted the argument. “This is not a simple ‘we found a bug, here’s a patch and we are done,’” Mr. Schneier said.

Whether Intel’s actions to address and will be enough for the company to sidestep a sizable financial hit is unclear. At least one lawsuit seeking class action status has been filed against Intel, and some industry executives expect more litigation to come. At a minimum, Intel engineers working on future microprocessors now face the additional labor of trying to make them less susceptible to the new kinds of attacks.

Using the software fixes, “we already have the security improvement that we are seeking to get,” Mr. Smith said. But making internal changes to the chips could handle those changes more efficiently, he said.

First Published: Tue, January 09 2018. 02:11 IST