Intel chip leaks leaked | Stock plunged $ 20 billion in market value

Since the US technology blog The Register first disclosed on January 2, 2018 chip-level security vulnerabilities caused by CPU Speculative Execution Specter (Chinese name "ghost", there are CVE-2017-5753 and CVE-2017-5715 two variants) , Meltdown (a variant of CVE-2017-5754), Intel, ARM, AMD, Apple, IBM, Qualcomm, NVIDIA and others have all admitted that their processors are at risk of being attacked.

Despite the safety loopholes triggered by the CPU underlying design architecture, which affects almost all chip makers, Intel, the global leader in chip industry, has become the most prominent loser. "China Business newspaper reporter noticed, Intel's stock price has dropped from $ 46.85 / share on January 2 to $ 42.50 / share on January 11, the market value has shrunk by 20.4 billion U.S. dollars. Also look at Intel's rival AMD, the company's share price from January 2 10.98 US dollars / share rose to 11.93 US dollars on January 11 / share, or nearly 10%.

Intel and other chip makers, Microsoft and other operating system vendors, Apple and other terminal manufacturers respond to the CPU security 'loopholes door' measures are pointing to 'patch.' Intel China's relevant spokesman on January 10 in the telephone and e-mail told China (2017) We began shipping firmware updates to OEM partners in early December and we expect the updates to be released in the past (past) week will cover more than 90% of Intel processors introduced in the past five years, with the remaining Will be released before the end of January 2018 (2018), and we will continue to release updates on other products. "The spokesman stressed that Intel will not" chip recall ".

'Vulnerability Gate' was leaked ahead of schedule

This round of CPU 'loopholes' reputation as the 'millennium bug' computing equipment in the history of the largest security breach.

What is the "millennium bug"? Is the computer 2000 problem. Because the computer memory is relatively small, the year is represented by two digits, such as 1980 is 80, to 1999, 80 years born is 99-80 = 19 years old , But in 2000, it became 00-80 = -80 years old. This is called the 'Computer 2000 Problem.'

The CPU 'loopholes door' is how is it? A Huawei technology expert told the "China Business" reporter, people issued instructions to the computer can be divided into normal can be executed, the exception is not implemented two, according to the original structure Designs, exceptions that are not executed are left in the cache without any trace, so it does not matter if they can see the memory confidential information, but it has now been confirmed that the instructions are still in memory Which left traces of clues, and can be exploited by attackers, leading to the disclosure of sensitive information users.

The Project Zero team at Google pioneered the discovery of these chip-level vulnerabilities triggered by CPU Speculative Execution and named them Spectre and Meltdown and tested to confirm that Specter effects include Intel, AMD, ARM and many other vendors, including chip products, Meltdown (fuse) is the main impact of Intel chips.

These vulnerabilities were first reported by the Google Project Zero team to Intel, AMD and ARM in June 2017. Because these security risks involve a variety of different chip architectures, they are notified and certified by the Project Zero team Later, Intel, AMD, ARM and other manufacturers quickly came together, and led by Google signed a confidentiality agreement, and under the confidentiality agreement to cooperate to ensure that the agreed deadline for disclosure of the issue (January 9, 2018) arrived Before finding a solution to the problem. "Intel China stakeholders told the" China Business "reporter.

Not only are Google's Project Zero team, but several more researchers independently discovered these vulnerabilities in the second half of 2017. "These researchers learned that these security issues have been communicated to chipmakers by the Project Zero team, and the industry is working together And stepped up development of the solution, they also agreed to keep their findings confidential until the disclosure time point agreed on by the industry (January 9, 2018), "said a Chinese official from Intel China.

However, as the disclosure time (January 9, 2018) approached, the CPU security 'vulnerability gate' was disclosed in advance on January 2, 2018. Google subsequently disclosed the relevant information on January 3, 2018. - The Project Zero team notified Specter to Intel, AMD, ARM on June 1, 2017, and Meltdown to Intel on July 28, 2017.

Baotuan deal

Although similar to the "Y2K", the root cause of this CPU security "loophole" is caused by the design of the underlying architecture. However, when the issue was disclosed, the focus of public opinion was mainly on Intel.

An industry insiders told the "China Business" reporter interviewed that, on the one hand because Specter and Meltdown two loopholes are involved in Intel, on the other hand because Intel is the world's chip industry's 'boss', its product coverage, Affected user groups is undoubtedly the largest.

Intel clung to CPU security vulnerabilities defined by the media as 'chip gateways' in Intel's security. "China Business Journal" correspondent said on January 3, 2018, "Intel's Response to Security Research Results" , These security vulnerabilities are not unique to Intel products. "Intel released an update on January 4 stating that Intel has released updates for the majority of processor products introduced in the past five years. By next weekend (January 14 Day) Intel is announcing updates that will cover more than 90% of processors introduced in the past five years.

According to the U.S. Oregon News, Intel CEO Ke Keqi also sent a memorandum to employees on January 8 stating that the company will establish a new Intel Product Assurance and Security department to enhance safety. In his opening speech at CES 2018 on January 9, Oddky again stressed that "within this week, the remediation will cover 90% of the last 5 years and the remaining 10% will be repaired by the end of January."

After Intel, AMD, ARM, Qualcomm, NVIDIA, Apple, IBM and other manufacturers have also admitted that the 'loopholes' have an impact on their own products, and said it can be resolved through the system patch update.

For example, ARM said in a public statement that "many Cortex family of processors exist vulnerabilities; AMD official statement acknowledged that some of the processors have security vulnerabilities; IBM said 'Google's potential chips potential attack on all microprocessors have an impact, including IBM Power series processor '; Qualcomm said,' for the recent exposure of chip-level security loopholes in the product, the company is developing updates '; NVIDIA claimed that part of the chip by Specter, can cause memory leaks.The above companies are admitted to' While at the same time, they also said they are or have been developing security patches to enhance the security level of the affected chips.

For example, Apple acknowledged on the official website that "all Mac systems and iOS devices are affected, but at the same time, Apple's official website acknowledged that" all Mac OS and iOS devices are affected Apple has also claimed that 'will update Safari to prevent attacks, but also to further study of the two vulnerabilities, will be released in iOS, macOS and tvOS updates new solution. '

The current class action

While chipmakers, operating system makers and end-product vendors are trying to solve this CPU security 'breach' crisis in a 'patched' way, consumers are not satisfied with the industry's response.

According to Engadget, a U.S. technology news site, Intel has suffered three lawsuits in the United States and all are class actions because of CPU security leaks. "Engadget believes this means that more consumers who are harmed can join the ranks of plaintiffs Claims.At present there is no outbreak of lawsuits against other manufacturers such as AMD.

In simple terms, there are two main reasons why consumers sue Intel. One is the disclosure of security risks after a lapse of six months. The second is that patching affects the performance of their computers.

For the extension of the disclosure of the issue, Intel China official said that this is in order to actively fight for time, learned from the existence of loopholes until now 6 months, Intel has been working with other vendors to speed up the search for solutions to the problem, 'a large Alliance of technology companies have been working together to study and prepare for the solution '.

Foreign media quoted a developer as saying that the fix to the CPU core will affect all operating systems, and most software applications will experience a "one-figure slide" (that is, below 10%) for software performance issues. , The typical performance decline of 5%, while the networking capabilities, the worst performance decline of 30%, that is, 'patch' to solve the security 'loopholes' will result in a 5% reduction in computing device performance ~ 30%.

However, Intel insisted in the e-mail that 'Meltdown and Specter two CPU vulnerabilities will not have a significant impact on the performance of the computer', the company's SYSmark test showed that after the 'patch' CPU performance decline of about 2% ~ 14 % '.

In fact, the "China Business" reporter noted that Intel and AMD and other manufacturers have occurred in the past CPU Bug events, such as the Pentium FDIV Bug found in 1994, Pentium FOOF Bug found in 1997, Intel discovered in 2008, Intel ME vulnerabilities, AMD Phenom TLB Bug, Ryzen Segfault Bug, etc. Among them, the Intel Pentium FDIV Bug is an out-and-out flaw, initially Intel did not pay attention, only decided to be partially certified Affected users to replace the CPU, then forced by public opinion and market pressure, Intel recalled all the affected CPU, when the loss of up to 475 million US dollars.Can be discovered after many CPU Bug events, Intel and AMD are through the 'patch 'Way to solve the problem.

In response to the security 'loopholes door', Intel will not recall its own chip? Intel China related spokesman quoted Ko again odd public opinion, Meltdown and Specter than the Pentium FDIV in 1994 easy to solve, and Intel has begun to address These vulnerabilities make it impossible for Intel to recall chip products that are affected by Meltdown and Specter vulnerabilities. "

2016 GoodChinaBrand | ICP: 12011751 | China Exports