Hardware flaws are difficult to fix
In this series, we’ve been talking about the security flaws in the design of microprocessors of Intel (INTC), Advanced Micro Devices (AMD), ARM, and IBM (IBM) that are used in almost all PCs (personal computers), servers, smartphones, and tablets. Many companies are releasing software updates, but they have their own bugs.
Moor Insights & Strategy analyst Patrick Moorhead stated that hardware is the least vulnerable to any security attack. Thus, hackers don’t bother to break into Intel’s hardware. Now that the flaw has been revealed, hackers could look for loopholes in the design of the chip, which could create a whole new kind of attack, stated Forrester analyst Jeff Pollard.
Earlier, we saw that the software patches to Meltdown and Spectre aren’t working well. Most hardware issues can be fixed through software, and an effective software patch is still possible.
But this is not the case for hardware. It takes several years and billions of dollars to design a chip, test it, and bring it to volume production. Thus, a hardware solution isn’t possible if the software fix doesn’t work. This means users may either have to compromise on either speed or security.
Severity of Intel’s design flaw
The fact that Intel’s chips are more vulnerable to attack makes the security flaw even more severe, as the company commands about 80% of the PC CPU (central processing unit) market and 99% of the server CPU market. This means confidential data inside every PC, smartphone, and server in the world is exposed to Meltdown and Spectre. A security breach of Intel’s chips could have a devastating impact on a global level.
Security analysts argued that if four independent researchers can discover the flaw, countries with advanced cyber weapons programs might have discovered the flaw beforehand. If that has already happened, there could be a global security risk. The severity of the issue has already sparked various lawsuits and investigations against Intel, and the company hasn’t given much detail about the security flaw.
Could Intel have avoided the design flaw?
Paul Kocher, one of the independent security researchers who discovered the Meltdown and Spectre flaws, stated that the processor companies could have spotted the problem had they studied the risks associated with the ten major design aspects of its chips.
Some security analysts believe that it’s unfair to blame Intel for not identifying the security flaw. Now, the most pressing issue for Intel is how it will handle this situation. We’ll look into this in the next part.