Intel faced the brunt of the early criticism, when initial reports pegged the potential exploits as something that affected only its chips. It turns out that’s not the whole story. The Meltdown vulnerability is specifically aimed at Intel’s hardware, but Spectre will be an ongoing issue for every modern CPU. All the same, no massive security hole was going to put a stop to Intel CEO Brian Krzanich’s opening CES keynote — not when its big-budget show was being held at a giant music venue at the Monte Carlo hotel.
After an opening act that featured virtual instruments and a virtuoso child dancer, Krzanich went into crisis response mode almost immediately. “The collaboration among so many companies to address this industry-wide issue across several different processor architectures has been truly remarkable,” he said, praising the unusual way competitors rallied together. “Security is job number one for Intel and our industry. So the primary focus of our decisions and discussions have been to keep our customers’ data safe.”
Krzanich went on to assure the audience that Intel hasn’t heard about anyone using these exploits to steal customer data. And he also gave us more clarity about the company’s response, noting that it plans to fully patch its product line from the past five years by the end of the month. As for reports of fixes slowing down processors, he reiterated Intel’s line about the impact being “highly workload dependent.” Microsoft gave us a bit more insight into what that means the next day — basically, you can expect noticeable slowdowns with Intel’s chips from 2015 and earlier.
As for AMD, its CTO, Mark Papermaster, told press and analysts that it still believes there is “near zero risk” for its users. Thanks to architectural differences from Intel, the Meltdown (aka “Rogue Data Cache Load”) vulnerability doesn’t affect AMD’s chips. When it comes to the two Spectre vulnerabilities, he said Variant 1, otherwise known as “Bounds check bypass,” will be fixed through OS and software patches.
Papermaster reiterated that there’s “near zero risk” for its architecture to Variant 2, or “branch target injection.” Specifically, he noted, “vulnerability to Variant 2 has not been demonstrated on AMD processors to date.” That carefully worded statement leaves room for the possibility that hackers could come up with new exploits that take advantage of that flaw.
This CES was a particularly ill-timed launch for one of the strangest collaborations in the tech industry: Intel’s new 8th-generation Core CPU with AMD’s RX Vega GPU. When we first heard about the chip, we were intrigued by the possibilities. It finally gives computer makers the flexibility to make ultraportables with solid gaming chops. But now, with the threat of Spectre, the chip’s luster is ruined a bit. Similarly, it’s just tough to get too excited about AMD’s upcoming Ryzen desktop CPUs. Even its promising Radeon Mobile GPU, which could bring even faster performance to laptops than its Intel collaboration, is still tainted by its connection with AMD’s affected processors.
In an interview with Engadget, Jim Anderson, AMD’s Radeon head, said, “Regardless of Spectre and Meltdown, we are always focused on continuing to improve our security. … It’s key for two very important markets for us, both data center and the commercial PC market.” As for any potential performance hits, Anderson said the impact should be “negligible.” Since our chat with AMD, Microsoft has halted patches for Windows systems running the company’s chips. It turns out the update ended up bricking some machines. Microsoft blamed AMD’s documentation for not conforming with earlier instructions, and it’s unclear when the patches will resume.
It’d be bad enough if Spectre affected only individual devices, but this year at CES, tech companies also doubled down on connected platforms built on user data. LG has its ThinQ AI, and Samsung is bringing Bixby and SmartThings to more products. And on a similar front, we’re also seeing more companies integrating with smart assistants like Alexa and Google Assistant. It’ll be more important than ever to ensure that smart home platforms are secure locally in your home, and that the servers powering all of the assistants are also as secure as possible. (Google, Amazon and Microsoft all say they’ve patched their servers against known exploits.)
The worry isn’t that a hacker could discover your Netflix guilty-watch queue. Instead, there’s the potential for them to tap into smart home platforms to track your location, use your home cameras to peep on your family and access the microphones spread throughout your home. Indeed, we’ve already seen how vulnerable connected baby monitors were, which allowed people to spy on kids and potentially communicate with them. As gadgets reach deeper into our lives, so does the potential for serious attacks.
Tim Alessi, LG’s director of product marketing for home entertainment, assured us that the company has “always had a history of making our devices as secure as possible.” And when it comes to the widespread data collection that LG’s ThinQ smart devices will employ, he noted, “We’re not just collecting data for data’s sake. It’s to help people get the most out of their TVs. And, during setup, it’s very clear during the opt-in process to make their own decision.”
Article source: https://www.engadget.com/2018/01/14/spectre-meltdown-ces/