Intel Says Range of Chips Vulnerable to Hack

Intel confirmed a report saying that its chips contain a feature that makes them vulnerable to hacking, though it said other companies’ semiconductors are also susceptible, according to Bloomberg.

Intel is working with chipmakers, including AMD and ARM, and operating system makers to develop an industrywide approach to resolving the issue, the company said in a statement. Intel said it has begun providing software to help mitigate the potential exploits. Computer slowdowns depend on the task being performed and for the average user “should not be significant and will be mitigated over time.“

“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,“ the company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.“ Reports about exploits caused by a “bug“ or a “flaw“ that are unique to its products are incorrect, Intel said.

The vulnerability may have consequences beyond just computers, and is not the result of a design or testing error. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.

The problem in this case, according to people familiar with the issue, is that this predictive loading of instructions allows access to data that’s normally cordoned off securely. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.

AMD said “there is near zero risk“ to its processors because of differences in the way they are designed and built. “To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants,“ the company said in a statement.

Intel CEO Brian Krzanich told CNBC that a researcher at Google made Intel aware of the issue a couple of months ago. “Our process is, if we know the process is difficult to go in and exploit, and we can come up with a fix, we think we’re better off to get the fix in place,“ Krzanich said.

Microsoft released a security update for its Windows 10 operating system and older versions of the product to protect users of devices with chips from Intel, ARM and AMD, the company said in a statement. They have also started applying the patches to its cloud services where servers also are affected by the issue.

“We have not received any information to indicate that these vulnerabilities had been used to attack our customers,“ Microsoft said in the statement. The fixes were originally planned for release on Jan. 9 but rushed out after a proof of concept for how to exploit the flaw was published, according to a person familiar with the situation.