IMPLICATIONS OF INTEL PROCESSOR BUG FLAWJanuary 15, 2018
Earlier this month a story broke that you may not have seen, but it has some huge implications, which we'll be getting back to, but when I read the following article, shared by Mr. W., I knew I had to be blogging about it eventually. The story? The biggest maker of computer chips, Intel, has several design flaws in its chips. The problem? Virtually anyone with a computer or a smart phone, is affected. Consider the following carefully:
Now, you'll have noticed that I filed this particular story under "Babylon's Banksters," and we'll get back to my reasons for doing so shortly, for as you can imagine, it relates directly to today's high octane speculation. There's enough here in this article to ponder about and implications spin out in all directions, but I want to concentrate on just two general directions. Consider the following statements:
Earlier today, we reported that according to a press reports, Intel's computer chips were affected by a bug that makes them vulnerable to hacking. Specifically, The Register said the bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords, and making matters worse, all computers with Intel chips from the past 10 years appear to be affected. The news, which sent Intel's stock tumbling, was later confirmed by the company.
The extent of the vulnerability is huge
As Bloomberg writes, "the vulnerability may have consequences beyond just computers, and is not the result of a design or testing error." Here's how the bug "works":
All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case is that this predictive loading of instructions allows access to data that’s normally cordoned off securely, Intel Vice President Stephen Smith said on a conference call. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
There is another take, and according to this one the implications to both Intel and the entire CPU industry could be dire. What follows is the transcription of the Monday afternoon tweetstorm by Nicole Perlroth - cybersecurity reporter at the NYT - according to whom today's "bug" is "not an Intel problem but an entire chipmaker design problem that affects virtually all processors on the market." In fact, according to the cybersecurity expert, one aspect of the bug is extremely troubling simply because there is no fix. Here is the full explanation.
- 4. We're dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.
- 5. The second issue is a fundamental flaw in processor design approach, dubbed Spectre, which is more difficult to exploit, but affects virtually ALL PROCESSORS ON THE MARKET (Note here: Intel stock went down today but Spectre affects AMD and ARM too), and has NO FIX.
- 6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.
- 7. The basic issue is the age old security dilemma: Speed vs Security. For the past decade, processors were designed to gain every performance advantage. In the process, chipmakers failed to ask basic questions about whether their design was secure. (Narrator: They were not)
(Italicized emphasis added)
There are, as I mentioned, two areas that concern me about this story: (1) national security and (2) financial clearing and data, and other financial "products". The national security angle intrigues because this story broke at the end of a year which saw more ship collisions, a year in which we saw the Fitzgerald and McCain incident, both incidents which I have blogged about on this site. At the time, the explanations and speculations ranged from simple incompetence to cyber-security problems and global positioning "spoofing" to more exotic explanations from electromagnetic weaponry to potential mind manipulation. I've been willing to entertain all these explanations and perhaps even combinations of these things. Consider only the possibility of global positioning spoofing, which would seem to be more or less easily accomplished for a professional cyber-warfare scheme that knows these architectural flaws and is trained to exploit them.
In short, the problem is a national security issue, and perhaps even "blowback" from decisions taken long ago in the USA (most likely during the Reagan era) to insert "clipper chips" - deliberately flawed hardware with "backdoors" allowing government access to private systems. If that highly speculative reading of this story is true, then it poses a rather significant question: is the US government willing to allow the production of chips that have no such hidden and deliberate "design flaws" in trade for greater across the board cyber security, or will it insist on secret agreements with chip producers to continue the practice? From the national security point of view, it's not an easy choice.
But I suspect the real problem here is that of secure financial data transfer and clearing, and in particular, the problems this story poses for the blockchain-cryptocurrency phenomenon, which has become something almost approaching the status of a religion for its defenders. We've been assured over and over that the blockchain is a relatively secure platform and that cryptocurrencies are therefore more or less free from governmental or central bank "interference." But how secure is a system which - distributed ledger though it may be - nonetheless is being serviced by thousands of private computers using chips with design flaws that permit a capable hacker of stealing all sorts of secure data, like... passwords, for example?
I would contend that it is not secure, and that the Intel story thus contains wider implications that have not yet "hit" the growing market.
For me and my house, this only reinforces my conviction that the only sound and truly anonymous and relatively secure medium of exchange is good old-fashioned cash.
See you on the flip side.