A massive security flaw may have been discovered with Intel processors, according to reports today. The flaw makes passwords and other personal details an easier target for hackers, and is thought to affect all Intel processors from the last decade.
The good news is that there is a fix. But unfortunately the security patch will slow down processing power by as much as 30 per cent, hitting personal computers and cloud services around the world.
“This is the worst bug I’ve seen for a long time,” says Kevin Curran at Ulster University.
The problem centres around a fundamental part of an operating system called a kernel, The Register reported. The kernel is a program that controls most other programs, giving them access to memory whilst protecting sensitive information from your system. The flaw seems to mean that programs can essentially bypass the kernel and do these high-level manipulations themselves.
“Additionally, if a program is running in the cloud it could get access to anything else running on that server,” says Curran. The vast majority of the world’s cloud computing happens on Intel chips, including data centres run by Google, Microsoft and Amazon.
Fixing this problem means getting rid of the fast switching that can currently happen between a program and the kernel in favour of a process that’s slower, but more secure. The resulting slowdown seems to range from 5 and 30 per cent depending on the situation.
Though there have been many security bugs in the past, one that requires a fix that results in such a computational constraint is almost unheard of. “Never have I seen a patch that causes the CPU to be slowed down on such a scale,” says Curran.
At the moment, the main details of the flaw are being kept under wraps. But this sort of failure could be “devastating”, says Robert Watson at the University of Cambridge.
“Processors have long been sold based solely on performance considerations, not security,” says Watson. Improvements in processing power or battery life are immediately noticeable, but rarely will people pay for security improvements, let alone trade them for decreases elsewhere.
In response to the media coverage, Intel released a statement in which they said the flaw is not unique to Intel products and that they believe it does not have the potential to corrupt, modify, or delete data.
Intel said they have begun providing software and firmware updates and had planned to disclose the flaw next week when those updates will be available.
The company is dismissing reports that processing power will slow dramatically in affected machines. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” the statement said.