monsitj - Fotolia
Intel is prioritising hardware security in the wake of discoveries that its chips have design flaws that could be exploited by attackers.
Intel CEO Brian Krzanich sent an internal memo to employees announcing the creation of a new group called Intel Product Assurance and Quality, according to The Oregonian.
“It is critical that we continue to work with the industry, to excel at customer satisfaction, to act with uncompromising integrity, and to achieve the highest standards of excellences,” Krzanich said in the memo. “Simply put, I want to ensure we continue to respond appropriately, diligently, and with a customer-first attitude.”
The memo, sent just hours before Krzanich delivered the opening keynote at CES 2018 in Las Vegas, said the new group will be run by current head of human resources Leslie Culbertson, who joined Intel in 1979 and has previously served as director of its finance organisation and as general manager for systems manufacturing.
Further underlining the importance Krzanich places on the new group, Culbertson will be joined by Josh Walden, currently senior vice-president and general manager of Intel’s new technology group, and Steve Smith, currently vice-president and general manager of Intel’s datacentre engineering group.
Intel’s chips are not only vulnerable to an Intel-specific exploit dubbed Meltdown, which allows user mode processes to infer the contents of kernel memory, but are also affected by Spectre, an exploit that affects most modern chips, including those made by rivals.
Chip makers and software producers are fast-tracking the release of firmware and operating system updates. The latest of these updates is one from Apple, which the company claims protects its Safari browser and WebKit from Spectre exploits. Apple earlier issued updates to address Meltdown.
It really is important to keep browsers patched, says independent security consultant Graham Cluley. “Browsers are an obvious route through which an attacker could successfully execute code on your computer,” he wrote in a blog post. “That’s one of the reasons why I am also a strong advocate of users never venturing out onto the web without the added protection of an ad blocker.”
Read more about Spectre and Meltdown
- Apple has confirmed that all iPhones, iPads and Mac computers are affected by the Meltdown and Spectre microprocessor exploits as the financial services industry assesses the risk.
- According to the Carnegie Mellon University Software Engineering Institute, Meltdown and Spectre need to be addressed by applying updates and replacing the affected CPU hardware.
- AMD shares rise on news that the performance of millions of Windows PCs, Linux servers and Apple Macs is to be affected by critical updates for a recently discovered security flaw in Intel chips manufactured in the past 10 years.
- Intel advises business customers to apply a security update for some versions of its administration firmware for vPro processors to fix a remote execution flaw.
Although Meltdown can be fixed with a software update, Spectre can only be mitigated with microcode updates.
The only true fix for Spectre will be to redesign processors to eliminate the vulnerabilities that it exploits, and the new group at Intel is likely to focus on making sure the new chips are secure.
The processor flaws also endanger the PCs, internet browsers, cloud computing services and other technology that rely on them. The Meltdown and Spectre exploits enable what is known as a side-channel attack that could extract passwords and other sensitive data from the chip’s memory.
“Security is job number one for Intel and our industry,” Krzanich said in his address to the Consumer Electronics Show in Las Vegas.
“Our primary goal has been to keep our customers safe,” he said, adding that although there is no evidence that these exploits have been used to steal data, he recommended that people patch their systems as soon as possible.
Intel says it has issued updates for more than 90% of its microprocessors produced in the past five years and that more updates are coming in the next few weeks.
Initial reports suggested that any fix could slow computer performance significantly. “We expect some workloads may have a larger impact than others,” Krzanich said at CES, adding that Intel would continue to work to mitigate those impacts.