Intel Does a Do: A Spectre Story

By Frederick Chu

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






First discovered independently by researchers from Google’s Project Zero, Cyberus Technology, and the Graz University of Technology, two relatively unknown CPU security vulnerabilities have now escalated to what are widely regarded as the biggest processor flaws in computer history.
Now dubbed Spectre and Meltdown, these issues pose a serious threat, one that arises from the extreme range of their potential effect. The former is especially prevalent; all modern CPUs are made to use the same techniques that leave Intel processors vulnerable to Spectre. While Intel is rendered particularly vulnerable – holding nearly 100% of the server marketshare and whose CPUs are found in most of all major PCs – essentially all consumer electronics are affected by Spectre. Intel is subject to another vulnerability, in that the second iteration of this processor flaw, Meltdown, reportedly does not affect any of Intel’s competitors’ processors.
These two flaws take advance of a major security hole in virtually all processors produced in the last two decades, that allows normal user programs to read protected areas of a device’s kernel memory. It has precedence over the essential components of all system OSs and their applicational interaction with system hardware. What’s worse is that this flaw results from a physical design flaw engraved in the Intel x86-64 hardware, and any patch would therefore require an overwrite to the system’s OS.
The obvious solution, then, was to entirely separate the kernel’s memory, in a process called Kernel Page Table Isolation, or KPTI. At the base premise, the kernel’s code and data are never visible during user processes, but are nevertheless present in the process’s page tables, allowing them to be read through the mentioned processors’s design flaws. KPTI patches move the kernel into a separate address space, so that they are rendered entirely invisible to running processes. This separation requires for processors to continually switch between two different address spaces for every shift between interrupt and system call. It increases the time needed to perform a task and forces the processor to constantly retrieve information from memory, as cached data is dumped; this creates a noticeable drop in computational speed, ranging anywhere from 13 to 25 percent pre-patch.
Matters were worsened significantly by hardware suppliers’s inefficient and ineffective moderation of patch releases.
On January 4, two days following the joint public announcement of Spectre and Meltdown, Microsoft released a hastily prepared Windows security patch that resulted in AMD users left stuck with blue screen errors and unable to boot their devices. These buggy patches were pulled on January 9 after a flood of complaints followed the release, and Microsoft officially paused security update distribution, instead focusing on preventing AMD PCs from receiving further updates. Similarly, Intel’s own Spectre/Meltdown patches resulted in spontaneous rebooting and processor hyperactivity, causing complaints and even more patch updates in response.

A large amount of controversy has come about regarding events surrounding this subject; around the same time Intel would have become personally aware of the vulnerability, Intel CEO Brian Krzanich sold around $11 million in company stock, leaving him with the 250,000 share minimum he is required to own by Intel’s policies.
A class action complaint was filed on January 3 in Northern California, followed quickly by two other similar complaints the next day, from Oregon and Southern Indiana. All three complaints address the general security vulnerability and Intel’s failure to disclose and confront it in a timely fashion.
Later, the Wall Street Journal reported that Intel likely disclosed the vulnerabilities to individually operating computer makers – including Google, Amazon, and Microsoft, and more, the latter two of which are Chinese firms – before notifying the US government. The Chinese government therein could potentially have learned about these vulnerabilities before the US could utilize them with malicious intent. However, whether or not the vulnerabilities were actually used by foreign spies is yet to be determined.

These series of events negatively reflect upon the industry as a whole, magnifying public scrutiny already posed by bloated graphics card prices. Intel lacked a clear communication strategy despite having months in advance to prepare, developed buggy patches, failed to effectively post developed patches for public use, and covered up the fact that they were especially vulnerable compared to the rest of the market. Microsoft’s image also suffered for pushing forward flawed patching strategies and buggy patches. Even AMD now looks less than great, with their flippant “we’re not affected” message creating false confidence, in spite of universal Spectre vulnerability. what the fuck, richard?

4 Comments

4 Responses to “Intel Does a Do: A Spectre Story”

  1. Richard on February 8th, 2018 1:08 pm

    This is an outrage

    [Reply]

  2. Luy Kim on February 9th, 2018 11:37 am

    It surprised me that there were so many security flaws in the CPUs, and actually made me sort of worried about my own as well. I hope this issue is resolved in the near future

    [Reply]

  3. Yumi on February 9th, 2018 11:41 am

    I’m a little disappointed that this isn’t a review of the James Bond movie.

    [Reply]

    adviser Reply:

    Wait. Isn’t it?

    [Reply]

If you want a picture to show with your comment, go get a gravatar.




Navigate Right
Navigate Left
  • Intel Does a Do: A Spectre Story

    Lifestyle

    The Evolution of the Rubik’s Cube

  • Intel Does a Do: A Spectre Story

    Lifestyle

    Microsoft’s April Update

  • Intel Does a Do: A Spectre Story

    Arts & Entertainment

    Thai New Year Festival

  • Lifestyle

    ASGL 2018-2019 Bell Schedule

  • Intel Does a Do: A Spectre Story

    Arts & Entertainment

    Susie Examines LGBT in Korean Pop Culture

  • Intel Does a Do: A Spectre Story

    Lifestyle

    AMD’s Eventual Redemption

  • Intel Does a Do: A Spectre Story

    Lifestyle

    Samsung Galaxy S9: S8 Copycat?

  • Intel Does a Do: A Spectre Story

    Lifestyle

    Free Speech on College Campuses

  • Intel Does a Do: A Spectre Story

    Lifestyle

    STRESS ABOUT STRESS

  • Intel Does a Do: A Spectre Story

    Lifestyle

    2018 Do’s & Don’ts: Fashion