- A security vulnerability in chips made by Intel and others was discovered by Google “a couple months ago,” Intel’s CEO said.
- Intel held a hastily arranged press conference on Wednesday to address the issue, which has caused its stock to fall more than 3%.
- The company said fixes from various partners were coming in the next few days.
The widespread microprocessor flaw that lets hackers “observe” passwords and other sensitive personal data on computers was discovered by Google several months ago, Intel CEO Brian Krzanich said in an interview on CNBC Wednesday afternoon.
“We were notified by Google a while back ago, a couple months ago,” Krzanich told CNBC. Google released a blog post on Wednesday with details on its findings.
Krzanich sought to allay worries about the situation in a hastily arranged conference call with reporters on Wednesday afternoon, stressing that there haven’t been any known instances of hackers actually exploiting the vulnerability, and promising that fixes were on the way.
The revelation of the security flaw sent Intel’s stock tumbling on Wednesday. Initial reports indicated that the security flaw was limited to Intel processors, but chipmaker ARM has since said that chips based on its technology are also affected.
Krzanich said that Intel was working with other companies to come up with a fix, including “OS partners,” as well as rival chipmakers AMD and ARM.
Intel expects fixes to start rolling out in the next few days, with further fixes coming over several weeks.
Negative performance impacts
Intel stated that its chips are working as specified, which suggests that the “flaw” can be more accurately described as an “exploit” that attackers could take advantage of.
Intel said that attackers could “observe content” stored in a PC’s secure memory by circumventing security measures that are currently in place. That content includes sensitive information, including passwords and encryption keys. In this particular case, attackers would only be able to observe sensitive data rather than writing any data that could allow them to take control of a computer or make any malicious changes.
The exploit can be achieved using malware, which is a common way attackers can gain access to computers and sensitive information stored within.
Intel, AMD, ARM, original equipment manufacturers, and operating system vendors (Intel did not specify which vendors those are), have been collaborating to come up with fixes and mitigations for the issue since the discovery of the flaw. Fixes will involves software and firmware updates on both the hardware and the software sides.
Those fixes could lead to some negative impacts on performance, but Intel didn’t elaborate how much of an impact we can expect. It said that the impacts are “workload dependent” and “average users” should only see limited or negligible impacts on performance.
A report earlier on Wednesday said that Windows PCs could suffer from a performance slowdown of up to 30% once the updated Microsoft software was installed on affected machines.