Dive Brief:
- A design flaw was found in Intel's microprocessors, causing a "redesign" of Linux and Windows kernels to get rid of the "chip-level security bug," reports The Register. Intel chips dating as far back as a decade are in jeopardy. However, a variety of processors and operating systems (OS), not just those from Intel, are at risk, according to a statement made by Intel.
- Intel is currently working with competitors such as AMD and ARM to develop a solution across the industry and its vendors. In the meantime, Intel put out software and firmware updates to deter further threats. The only patch available is at the OS level. However, at this time, AMD said its processors should have "near zero risk," reports Axios.
- Because of the industry-wide vulnerability, it is more than computers, servers and cloud OS that are vulnerable. Even cell phones and other devices are at risk. The bug is said to permit user programs, such as JavaScript, "to discern to some extent the layout or contents of protected kernel memory areas," according to The Register. The flaw could allow hackers to see inside a kernel's memory to access sensitive information of the user or exploit more malware.
Dive Insight:
Intel is facing another blow to its reputation after it was revealed in November that chips dating back to 2015 contained security vulnerabilities. Much like this new revelation, the vulnerability was primarily in modern chips.
However, the chip flaw is not exclusive to Intel products. And it was originally thought the patches would result in a 5% to 30% slow down of chip performance. It is a matter of workload that slows processing, not the update, according to Intel.
Intel was quick to jump to its own defense and admitted it was planning on announcing the flaw at a later date when more patches were available. Because of the potential scope of impacted chips, companies including Microsoft, Google and Apple, are all forced to examine what is on their products.
But the overhaul of security applications seen from these companies, including Apple's 15 year-old macOS exploit, paints a bigger picture.
Hackers are taking advantage of the supply chain to target vulnerable individuals or networks. As smaller parts of a whole, tech vendors such as Intel need to be acutely aware of the products they are providing to other tech vendors.
IT departments are now forced to evaluate who they can "trust" in terms of their software and hardware. However, even with tarnished vendor trust, IT departments will be tasked with conducting a thorough inventory of what is on their networks to prevent further damage.