As news of the Intel chip security flaw – dubbed Spectre – has started to permeate public awareness, people are asking themselves two main questions: “Do I have to worry about it, and if so what do I need to do?” and “Just what is speculative execution?” (The issue with the chips has to do with the speculative execution function.)
This flaw is said to affect millions of Windows, Mac, and Linux computers around the world. “Major flaw in millions of Intel chips revealed” screams the BBC headline. “A Critical Intel Flaw Breaks Basic Security for Most Computers,” banners Wired. Even Popular Mechanics is getting in on it, stating that “Horrific Security Flaw Affects Decades of Intel Processors.” Although, others are starting to say that it’s not limited to Intel chips, as pointed out by the Axios story, “Massive chip flaw not limited to Intel.”
That last is important to note; it isn’t just Intel chips. It is any chips that have speculative execution.
As the Popular Mechanics article explains, speculative execution “allows a processor to do things before it’s absolutely sure they need to be done, so the results are ready as quickly as possible if needed and simply ignored if not.”
This, they say, “allows programs without the proper permissions to access the part of an operating system known as the kernel, a low-level chunk of code that controls literally everything in your system.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
So, is it really so dire? How worried do you have to be about it? And, what can you do about it?
First, well, it is very serious in terms of the potential for what a malicious actor who knows how to abuse the flaw could do if they breach a particular computer or smartphone as a result of the flaw.
The reality is that, other than not having your computer connected to the Internet, there is very little that you can do on your end, because the fix is going to have to come from the manufacturers and vendors in the form of an update to the operating system (OS) of each computer that is affected.
As to how worried you should be about it? If you consider that five years ago it was estimated that there were more than 8 billion devices connected to the Internet (so there are certainly more today), the odds of your computer or smartphone being one of the ones that is breached is vanishingly small.
But make no mistake, that does not mean that you should be blasé about it. You absolutely should update your OS as soon as your vendor notifies you of the security update.
Many are saying that the fix, which will come in the form of an OS update for each given chip and hardware, will slow computers down. This makes sense because it will be impacting that speculative execution. However we are betting that the impact will be barely noticeable for the average user unless they are still using very old machines.
So, keep your eyes peeled for an OS update from your hardware’s manufacturer or your computer vendor.
In the meantime, while Intel is not the only chip manufacturer affected, they are one of the only ones to have issued a public statement about the issue. So here is Intel’s statement on the chip flaw:
Full Text of Intel’s Statement on the Chip Security Flaw
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.