When I first heard the news about a critical flaw in Intel’s chips, I felt that something wasn’t quite right. Intel has been designing chips for decades and they must have some of the world’s best chip designers. How was it possible that they missed what appeared to be a major flaw that would open the door to two possible exploits named, Meltdown and Spectre?
There are three possible answers to this dilemma.
- Intel’s chip designers are not as good as they think. Everyone working on and checking the design never saw that the chip was flawed.
- Intel knew that the chip had vulnerabilities but overlooked them to increase the performance (speed) of its processor.
- Some authority ‘requested’ that Intel ‘design’ the vulnerability into its chip so that it could be exploited if necessary.
I’ve already explained why I think option 1 is unlikely, but I was unsure if Intel would choose the risky performance-over-security alternative that comprises option 2. After all, if this flaw was ever detected by an independent third party, it could have catastrophic financial consequences for the firm.
That being said, option 2 has been pointed to by a number of cybersecurity experts, such as Anders Fogh, a researcher for German cybersecurity firm, GData. Remarking on his findings concerning the vulnerabilities, WIRED noted that “in their insatiable hunger for faster performance, chipmakers have long designed processors to skip ahead in their execution of code, computing results out of order to save time rather than wait at a certain bottleneck in a process.” Later in the article, WIRED expanded on this idea when they talked about research on the vulnerability conducted by Paul Kocher of Cryptography Research, saying that he wanted “to explore a broad issue he saw in computer security: the increasingly desperate drive to squeeze ever-greater performance out of microchips at all costs—including, perhaps, the cost of their fundamental security.” Undeniably, the issue of speed over security is a leading contender for the existence of the Meltdown/Spectre vulnerabilities.
Actually, the odds of such vulnerabilities never being discovered were in the company’s favor. Only some group with the knowledge to perform something in the order of a Stuxnet attack would be capable of making use of this vulnerability. According to a BBC article, “Meltdown or Spectre will at first probably be limited to those prepared to plan and carry out more complex attacks, rather than everyday cyber-criminals.” The Financial Times adds more details by claiming that “the vulnerability would be most likely to be used by sophisticated nation state hackers for espionage”.
And that brings us to option 3. Was Intel asked to design what could be called a backdoor into its chip? The answer to this is far more complex, but it would not be the first time that Intel has been accused of putting backdoors or other questionable elements in its processors. At the Blackhat Conference in 2012, researcher, Jonathan Brossard, showed how a hardware backdoor he called, Rakshasa, “works on 230 Intel-based motherboards”. This revelation caused one writer to observe that, “it would be very, very easy for the Chinese government to slip a hardware backdoor into the firmware of every iPad, smartphone, PC, and wireless router.” This is because 99% of all chips are produced in China. Coincidentally, in the same year, researchers at Cambridge University found a hardware backdoor in a military grade chip made in China.
“We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.”
In June, 2016, a researcher reported on what amounted to a chip within the main Intel chip called the Intel Management Engine (ME). He claimed that “when these are eventually compromised, they’ll expose all affected systems to nearly unkillable, undetectable rootkit attacks.” In August, 2017, a team from Positive Technologies was working on disabling this ME when they discovered that the NSA had been there before them. Apparently, desiring to protect themselves from anyone manipulating the ME, they had Intel design a way for them to disable it. Most people in the cybersecurity community would not be surprised to learn that the NSA was working with Intel, but the point here is that option 3 above cannot be discounted for several reasons. Certainly China or the NSA could have found ways to have the Meltdown/Spectre vulnerability placed on the chips.
Any device with a computer chip is vulnerable to these attacks. However, it would be unlikely that such a sophisticated attack would be used for normal hacking purposes. It has been reported that no attacks using these vulnerabilities have been discovered. This is a useless claim since anyone exploiting the vulnerabilities would leave no traces anyway.
In any event, Intel and other chip makers are busily working on updates. Since Microsoft products run on Intel chips, they were the first to come out with their updates. The first reports found that the updates conflict with other antivirus programs that users may have been using in conjunction with Windows Defender. You may have to set the registry yourself for the update to be accepted. To see if your antivirus program is affected, follow this link and take a look at the chart. It should be noted that some computers running on AMD processors were reportedly frozen by the update, so be careful.
I received the update without a problem. Some have warned that the fix may slow computers, but I have noticed nothing serious to this point. If it is true that chips manufactured by other chip makers also contain these vulnerabilities, then the problem becomes much more serious, especially if option 3 proves to be true.