The computer chip debacle: Businesses are scrambling

Spectre and Meltdown, two flaws in the basic building blocks of billions of computing devices, are haunting the inter...

Posted: Jan 5, 2018 10:15 AM
Updated: Jan 5, 2018 10:15 AM

Spectre and Meltdown, two flaws in the basic building blocks of billions of computing devices, are haunting the internet.

Researchers revealed the two bombshell bugs on Wednesday that expose individuals and businesses to potential hackers. There are no reports the bugs being exploited, but now companies big and small are scrambling to update their software and devices.

Consumers who use laptops for things like email and Facebook don't need to do much besides practice basic security hygiene -- that is, update their computer, smartphone and apps when updates are made available.

But for businesses, it's a different story. Fixing the problems is a lot more complex.

These two sophisticated bugs matter especially to enterprises that deal with a lot of network traffic and considerable processing power -- things like cloud providers, retailers that process consumer transactions, and medical systems that crunch data.

The flaws affect modern processors including Intel, AMD and ARM that use "speculative execution" to enhance performance. Fixing the problems will slow a computer's performance, experts say, especially on devices more than five years old.

Related: Major chip flaws affect billions of devices

Intel said "for the average user," the performance impact on products using the processors from the last five years "should not be significant and will be mitigated over time."

Companies are rolling out fixes quickly -- including Microsoft, Amazon and Google.

But there will be stumbling blocks: On Thursday, some Microsoft Azure customers reportedly said machines failed to come back online after receiving a patch.

Some patches, including some provided by Microsoft, aren't available automatically because they can cause programs to crash, and business will need to make sure security tools like anti-virus software is compatible with the update, explained to Dmitri Alperovitch, co-founder and CTO of CrowdStrike. He anticipates most vendors will be compatible by next week.

According to the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems, the only way to fully remove one of the vulnerabilities is to completely replace the affected processor.

But there currently are no chips available to replace the vulnerable ones with the same kind of functionality.

"The reality is it's going to take years before new chips are on the market that are able to bring back the functionality in a safe way," Alperovitch said.

Related: Hackers take advantage of bitcoin's wild ride

Once the hardware is available for companies to replace the problematic chips, it will be costly.

Updating computing systems in businesses is already time-consuming and expensive, says Wendy Nather, security strategist at Duo Security. Firms often fail to update computer systems in a timely manner, which was one reason last year's WannaCry ransomware harmed so many businesses.

But distributing and replacing processors will be even more time and cost intensive than software updates, Nather said, so not all machines may get new chips.

"Breaches will happen silently, so if systems are still performing fine, many organizations will not bother patching," Nather said. "It's not as if it were ransomware and they were facing threats of downtime."

Nather also said security executives will prioritize updating machines most vulnerable to attacks, like business-critical systems.

Researchers have already created proof of concept exploits to read passwords or other sensitive data from vulnerable computers. Experts say it's just a matter of time before malicious attackers begin to exploit the flaws. However, they would require access to the machine before being able to steal information from the computer.

"Yes, this involves millions of systems worldwide, but again it's not clear how straightforward it is to exploit these flaws just yet, and whether attackers are going to try to use this technique when they could use something much easier," Nather said.

In other words, some types of phishing campaigns, malware, and spyware could be easier to execute and more effective at stealing information. There is no evidence malicious hackers have exploited the chip flaws, though researchers said it would be difficult for investigators to know for sure.

The tech and business worlds will likely be dealing with these flaws for years to come, but experts in the security community say that while the flaws are an interesting technical find and organizations should patch as soon as possible, it's still one of countless vulnerabilities.

"In terms of real-world risk, it's another day in information security," said Kenneth White, security researcher and co-director of the Open Crypto Audit Project . "It opens up all kinds of interesting new lines of work and a lot of reassessment of fundamental assumptions we've made about hardware and security properties. For the average person, it's just about patching."

Huntsville
Overcast
68° wxIcon
Hi: 74° Lo: 58°
Feels Like: 68°
Florence
Overcast
71° wxIcon
Hi: 74° Lo: 60°
Feels Like: 71°
Fayetteville
Overcast
66° wxIcon
Hi: 76° Lo: 57°
Feels Like: 66°
Decatur
Overcast
66° wxIcon
Hi: 75° Lo: 56°
Feels Like: 66°
Scottsboro
Scattered Clouds
66° wxIcon
Hi: 73° Lo: 57°
Feels Like: 66°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 131988

Reported Deaths: 2304
CountyConfirmedDeaths
Jefferson19123337
Mobile13122290
Montgomery8688173
Madison763075
Tuscaloosa7323114
Lee575159
Shelby571950
Baldwin508749
Marshall387943
Calhoun337439
Etowah336547
Morgan321426
Houston272722
Elmore255847
DeKalb237119
St. Clair224335
Walker224380
Talladega207726
Limestone200119
Cullman186218
Dallas174926
Franklin174528
Russell17312
Autauga169124
Lauderdale165333
Colbert160926
Escambia156425
Blount156014
Jackson151611
Chilton150227
Dale133343
Covington131127
Coffee12838
Pike11619
Tallapoosa113683
Chambers113242
Clarke105517
Marion94828
Butler91138
Barbour8387
Winston71612
Marengo70119
Lowndes64927
Pickens63814
Bibb63610
Randolph62212
Hale61528
Lawrence59220
Bullock59114
Geneva5814
Monroe5768
Cherokee56916
Clay5527
Washington54913
Perry5386
Wilcox53111
Conecuh52411
Crenshaw52331
Macon47820
Henry4754
Fayette4269
Sumter41819
Lamar3532
Choctaw34512
Cleburne3326
Greene30015
Coosa1653
Out of AL00
Unassigned00

Tennessee Coronavirus Cases

Confirmed Cases: 184409

Reported Deaths: 2233
CountyConfirmedDeaths
Shelby30155447
Davidson26017293
Hamilton914489
Rutherford903187
Knox899872
Williamson508936
Sumner470593
Wilson337343
Putnam307037
Out of TN301324
Montgomery296243
Unassigned28916
Bradley285816
Madison270156
Sevier251813
Blount244023
Maury226023
Washington217933
Robertson217233
Sullivan205431
Hamblen183825
Tipton173917
Trousdale16517
Gibson153819
Hardeman153225
Wayne14805
Bedford130916
Dyer127912
Dickson119913
Cumberland115317
Fayette114318
Anderson113311
Henderson113119
Carter112627
Weakley111819
Loudon11156
Coffee110812
Greene110737
Obion10889
McMinn106824
Jefferson106614
Macon102020
Warren10127
Monroe100116
Lawrence97011
Hardin96714
Lauderdale93615
Haywood92116
Lake9152
Franklin9137
Bledsoe8454
Roane8414
Carroll83217
McNairy81016
Cheatham79010
White7849
Rhea78111
Hawkins77016
Cocke7349
Marshall7175
Overton6805
Smith67810
Johnson6482
Henry6029
Chester5919
Lincoln5791
Giles56817
DeKalb54611
Hickman5385
Crockett51319
Marion5007
Decatur4786
Fentress4363
Claiborne4304
Campbell4193
Polk37811
Grainger3503
Union3371
Benton3329
Jackson3055
Morgan3053
Unicoi2801
Cannon2760
Grundy2495
Humphreys2323
Sequatchie2233
Meigs2213
Clay2105
Scott2002
Houston1860
Lewis1771
Stewart1752
Moore1541
Van Buren1530
Perry1460
Hancock1063
Pickett982

Community Events