Jan 5, 2018

Intel says widespread vulnerability won't slow future chips


A sticker advertising the use of an Intel processor used inside a laptop in London. Photo by Yui Mok/PA Images via Getty Images

Despite the revelation of a massive vulnerability affecting more than a decade's worth of chips, Intel says it believes it has the issue well in hand, both for current and future chips.

Why it matters: For the issue not to hit the bottom line, as Intel maintains it won't, the chipmaker needs to keep current customers happy, maintain its market share and ensure future products don't suffer big delays.

In an interview, two of Intel's top technical leaders told Axios that mitigations are place for all three known vulnerabilities and insists it already has a plan in place to protect future chips. (For more on the chip issues, see this explainer.)

Fixes coming: Initial reports suggested the chip problem was exclusively Intel's issue, that systems can't be fully patched and that even those that could be patched would see a substantial performance hit. But Intel insists none of those three things are true.

  • "We have in place complete mitigations for all three variants," VP Donald Parker told Axios. The company said Thursday that it has firmware updates for half the chips made in the last five years and will have mitigations for 90 percent of those chips by the end of next week.
  • "We will continue to work on products older than that," Parker said, though at a certain point the company says it will gauge demand to figure out how far back to offer fixes.

Performance concerns overblown: While there can be specific instances where the necessary updates slow performance, Intel reiterated that typical users shouldn't see much of a performance impact and pointed to comments from Google, Microsoft and others that seem to bear that out.

Future chips not impacted: Parker said that the company has been designing upcoming chips with changes that will help protect against attacks without giving up entirely on "speculative execution", the technology at the heart of the vulnerability.

  • That's important because speculative execution has proven to be an important technique for making the best use of a chip's processing power.
  • The technique lets chips use excess computing power to essentially play what-if — calculating next steps that might or might not be called for later.
  • Giving up the technique entirely would likely result in slower performance since the chips would spend more time idle.

Making the changes, Parker said, shouldn't cause any significant delays or product cancellations. He said the techniques used to protect against the vulnerability in the new products will be more efficient than the software-based mitigations being used to secure existing ones.

But, but but: Intel says it has been looking around for other, similar vulnerabilities. So far it hasn't found any, but Intel fully expects that outside researchers will be studying if other types of attacks can be crafted using the recently revealed vulnerabilities.

"That's what they do," says Intel corporate VP Stephen Smith.

Stock sale: Also Intel CEO Brian Krzanich is facing renewed scrutiny over millions of dollars of stock sales made last year, after Intel was made aware of the vulnerabilities.

Go deeper