Intel bug: 'Spectre' security flaw is so fundamental that it will require every computer to be re-designed

The bug affects nearly every computer, phone or other device made in the last 20 years

Andrew Griffin
Thursday 04 January 2018 08:25 EST
Comments
Intel chip flaw: The problem affecting everything from the smallest phone to the largest web infrastructure

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A huge bug found in the fundamental architecture of computers could require them to be entirely re-designed.

The new security flaw could allow attackers into the most sensitive parts of a computer, and the information contained in it. And fixing it might mean re-designing the chips that power them almost from the beginning, researchers have warned.

The bug – which is actually two separate vulnerabilities – was found by Google researchers who say that the problem affects some of the most fundamental parts of how computers work. And it is contained within just about every modern device.

One of the problems, called Meltdown, is already fixed in many computers. That patch comes with its own problems: it can slow down the systems by as much as 30 per cent.

But perhaps more dramatic is the Spectre vulnerability, for which there is no easy fix. Instead, the issue arises with the very foundations of the chips, meaning that they won't be fixed until computers are re-designed and replaced, according to security experts.

It is so fundamental that it affects almost every computer – including phones and other devices – made in the last 20 years. And it appears to exploit the very design of those chips, meaning that it affects products made not just by Intel, as initially reported, but a range of other technology too.

It is not even clear how the re-design could actually happen to remove Spectre, according to researchers, since there's no known fix for the problem. That means that companies like Intel who have been hit by the bug might not be able to solve it immediately.

It could take many years for computers and chips to include fixes for the Spectre issue, and for the industry to recover.

But there also isn't any known exploit of it, either. The precise details of the problem are still being kept secret to avoid them being used by malicious attackers, meaning that it's hard to know just how widespread or easy they are to use.

Much of the work to find a fix to both Spectre and Meltdown is already thought to be happening. Though the flaw was only just revealed, security researchers have been secretly working to patch it for months – meaning that most consumer systems have actually already received patches for Meltdown.

Intel's statement and those of other chip manufacturers didn't address the problem of Spectre, and the re-designs that could be required. Its long press release only made reference to installing updates, which would presumably only fix the issues with Meltdown.

"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available," Intel said. "Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

"Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in