He told CBN reporter that at present, the products that are still being evaluated internally for the chip vulnerabilities exposed are still being evaluated internally. To some extent, it is agreed that the scope of influence may be broader.
On January 3, a team of Google Project Zero teams published a statement on chip vulnerabilities after several companies, including Intel, AMD, ARM, and Apple, Qualcomm, IBM and others, acknowledged that their chips There are loopholes, there is a risk of Meltdown or Specter attacks.
Apple's official website said that blown and ghost attacks apply to all modern processors and affect virtually all computing devices and operating systems, including Mac systems and iOS devices, but so far no instance of exploiting the consumer has been exploited. General rules in the United States on January 5 said that by the recent exposure of chip-level security loopholes in the product, the company is developing updates.
Canalys analyst Jia Mo told reporters that this Google released two major loopholes, which are based on Intel, AMD and ARM processor-based kernel-side vulnerabilities, and this loophole is very different from the past is hardware-side From the impact on the industry, this is a common problem in the industry CPU core architecture.
Vulnerability affects large companies
Intel, which has lost nearly $ 11 billion in market capitalization at the moment, dropped 5.5% last Wednesday, its largest decline since October 2016, while the likes of Amazon, Apple, Microsoft and IBM And other technology giants have in front of this loophole were spared.
Meltdown vulnerabilities are widely used in Intel and AMD processors, ARM's Cortex A75 is also involved, but because the A75 is the core of the Snapdragon 845, the current meltdown impact on the mobile phone industry may But does not rule out meltdown will affect other types of ARM core, such as engineers to test the Cortex A15, A57 and A72 will have an impact. "Jia Mo told reporters.
For Specter, Gamo believes that the implications are broader due to the more basic architecture that currently affects Cortex A8, A9, A15, A17 and A57, A72, A73 and A75, This affects the mobile phone will be more, such as Apple's iPhone series (A8, A9), and even Huawei's unicorn 970 is also used A72.
For chip security problems, Huawei chip department insiders told reporters that the incident is being assessed.
Qualcomm said it is actively developing solutions for deploying bug fixes and will continue to do its utmost to enhance product security by deploying the solution while encouraging consumers to update their devices once the patch is released.
However, Qualcomm spokesman did not specify what models have been affected, insiders speculation Qualcomm upcoming Snapdragon 845 chip is likely to be in the affected list, because it uses the ARM Cortex A75 core, and this precisely the core Affected by the loophole, Qualcomm shares dropped about 1% in last Friday's after-hours trading.
The most "honest" is Apple, Apple said Meltdown and Specter flaws related to the basic architecture of the computer chip design, completely shielded is very difficult and complex, the new attack code may bypass the existing patch software to steal stored in the chip kernel memory Confidential information, and currently all products, including Mac systems and iOS devices, are affected.
In addition to the above companies, ARM admitted on January 4 that a number of its Cortex-architecture processors are at risk of being compromised.
This is not a problem for Intel, because ARM and allegedly less problematic AMD have affected.But because of possession is relatively deep, there is no actual evidence to prove that these two vulnerabilities have been exploited by hackers.And Specter (Correspondingly, because more in-depth, more difficult to repair.) For now, if the computer or mobile phone does not have the virus software to get the associated permissions to get the user's privacy information (such as an account , Passwords, etc.), hackers are still more difficult to exploit these two loopholes to destroy. 'Jia Mo told reporters.
Dancing on the cliff
From the X86 to the Arm, to the Power Architecture, advanced processors have not been immune to chip loopholes.
Intel, the most damaging of it, said in a response to First Financial correspondent that Intel has released updates for the majority of processor products introduced in the past five years, and prior to the end of this week Intel released an update More than 90% of processor offerings in the past five years are expected to be covered, and many operating system providers, public cloud service providers, device manufacturers and others also said they are or have updated their offerings of products and services .
For the fuse attack, Apple also said that the released iOS 11.2, macOS 10.13.2, and tvOS 11.2 have been preventive measures, and will update Safari. In order to prevent ghost attacks, Apple is also a study of these two vulnerabilities, New solutions will be released in iOS, macOS, and tvOS updates.
But the Google Project Zero blog shows that AMD and the Arm processors have been spared the first two attacks, which means that from iOS devices to Sony's PlayStation Vita, from Nvidia's Tegra chips to more Many vendors and products have the risk of being attacked both by fusing and ghosts.
There are even computer architecture experts believe that the risk of fusing has been exposed, the browser password can be directly steal, the world has seen the demonstration, ghost risk is also great, but no instance has been released.
'The whole industry is dancing on the edge of the cliff, just think it has not fallen.' An internal staff Huawei Hass sighed with reporters.
Tijuan Tuo Tuo Industrial Research Institute analyst Yao Jiayang told reporters that at present almost all major suppliers have proposed countermeasures for chip problems, chip loopholes exist, but there is no need to over-reaction, but he also admitted that the major deal with Vendor vendors are at risk at this stage of the attack, and for downstream, you should think about ways to mitigate the impact of "being attacked."
'There may be some exaggeration in the marketplace where, in terms of system design, there is not only a processor and operating system practitioner working on security but also Infineon and NXP Provide a very unique security chip, to enhance the security performance of the system. 'Yao Jia Yang said that for chip makers, in the next generation of processor design, whether to rebuild from the most basic architecture This will be the processor Practitioners must think about the issue, after all, renovation of the structure, it may also bring the risk of performance can not be effectively enhanced.