Intel Does a Do: A Spectre Story

By Frederick Chu

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






First discovered independently by researchers from Google’s Project Zero, Cyberus Technology, and the Graz University of Technology, two relatively unknown CPU security vulnerabilities have now escalated to what are widely regarded as the biggest processor flaws in computer history.
Now dubbed Spectre and Meltdown, these issues pose a serious threat, one that arises from the extreme range of their potential effect. The former is especially prevalent; all modern CPUs are made to use the same techniques that leave Intel processors vulnerable to Spectre. This means that while Intel is rendered particularly vulnerable – holding nearly 100% of the server marketshare and whose CPUs are found in most of all major PCs – essentially all consumer electronics are affected by Spectre. Intel is subject to another vulnerability, in that the second iteration of this processor flaw, Meltdown, reportedly does not affect any of Intel’s competitors’ processors.
These two flaws take advance of a major security hole in virtually all processors produced in the last two decades, that allows normal user programs to read protected areas of a device’s kernel memory, which has precedence over the essential components of all system OSs and their applicational interaction with system hardware. What’s worse, this flaw results from a physical design flaw engraved in the Intel x86-64 hardware, and any patch would therefore require an overwrite to the system’s OS.
The obvious solution, then, was to entirely separate the kernel’s memory, in a process called Kernel Page Table Isolation, or KPTI. At the base premise, the kernel’s code and data are never visible during user processes, but are nevertheless present in the process’s page tables, allowing them to be read through the mentioned processors’s design flaws. KPTI patches move the kernel into a separate address space, so that they are rendered entirely invisible to running processes. This separation requires for processors to continually switch between two different address spaces for every shift between interrupt and system call, which increases the time needed to perform a task and forces the processor to constantly retrieve information from memory, as cached data is dumped; this creates a noticeable drop in computational speed, ranging anywhere from 13 to 25 percent pre-patch.
Matters were worsened significantly by hardware suppliers’s inefficient and ineffective moderation of patch releases.
On January 4, two days following the joint public announcement of Spectre and Meltdown, Microsoft released a hastily prepared Windows security patch that resulted in AMD users left stuck with blue screen errors and unable to boot their devices; these buggy patches were pulled on January 9 after a flood of complaints followed the release, and Microsoft officially paused security update distribution, instead focusing on preventing AMD PCs from receiving further updates. Similarly, Intel’s own Spectre/Meltdown patches resulted in spontaneous rebooting and processor hyperactivity, causing complaints and even more patch updates in response.

A large amount of controversy has come about regarding events surrounding this subject; around the same time Intel would have become personally aware of the vulnerability (affected hardware firms were notified at the start of June last year), Intel CEO Brian Krzanich sold around $11 million in company stock, leaving him with the 250,000 share minimum he is required to own by Intel’s policies.
A class action complaint was filed on January 3 in Northern California, followed quickly by two other similar complaints the next day, from Oregon and Southern Indiana; all three complaints address the general security vulnerability and Intel’s failure to disclose and confront it in a timely fashion.
Later still, the Wall Street Journal reported that Intel likely disclosed the vulnerabilities to individually operating computer makers – including Google, Amazon, Microsoft, Lenovo, and Alibaba, the latter two of which are Chinese firms – before notifying the US government. The Chinese government therein could potentially have learned about these vulnerabilities before the US and utilized them with malicious intent. However, whether or not the vulnerabilities were actually used by foreign spies is yet to be determined.

These series of events negatively reflect upon the industry as a whole, magnifying public scrutiny already posed by bloated graphics card prices. Intel lacked a clear communication strategy despite having months in advance to prepare, developed buggy patches, failed to effectively post developed patches for public use, and covered up the fact that they were especially vulnerable compared to the rest of the market. Microsoft’s image also suffered for pushing forward flawed patching strategies and buggy patches. Even AMD now looks less than great, with their flippant “we’re not affected” message creating false confidence, in spite of universal Spectre vulnerability. what the fuck, richard?

4 Comments

4 Responses to “Intel Does a Do: A Spectre Story”

  1. Richard on February 8th, 2018 1:08 pm

    This is an outrage

    [Reply]

  2. Luy Kim on February 9th, 2018 11:37 am

    It surprised me that there were so many security flaws in the CPUs, and actually made me sort of worried about my own as well. I hope this issue is resolved in the near future

    [Reply]

  3. Yumi on February 9th, 2018 11:41 am

    I’m a little disappointed that this isn’t a review of the James Bond movie.

    [Reply]

    adviser Reply:

    Wait. Isn’t it?

    [Reply]

If you want a picture to show with your comment, go get a gravatar.




Navigate Right
Navigate Left
  • Intel Does a Do: A Spectre Story

    Class of 2018

    Military and College

  • Intel Does a Do: A Spectre Story

    Arts & Entertainment

    You Need to Sleep!

  • Intel Does a Do: A Spectre Story

    Lifestyle

    Expected Fashion Trends for 2018

  • Intel Does a Do: A Spectre Story

    Food

    California Ramen Factory

  • Intel Does a Do: A Spectre Story

    Lifestyle

    6 Ways to Make Friends for FREE

  • Intel Does a Do: A Spectre Story

    Global Citizenship

    Bengali Ananda Mela: A Carnival of Joy বাংলা আনন্দ মেলা: জয় এর একটি কার্নিভাল

  • Intel Does a Do: A Spectre Story

    Class of 2018

    How to Stop Procrastinating

  • Intel Does a Do: A Spectre Story

    California/Local

    J&S OneStop Auto Repair!

  • Intel Does a Do: A Spectre Story

    Live Performances

    Live Performance: “Henry V” by William Shakespeare

  • Intel Does a Do: A Spectre Story

    1968: 50 YEARS LATER (JANUARY - FEBRUARY)

    The Solution