Intel says broad range of chips are vulnerable to hack, downplays impact

Intel Corp. confirmed a report that its chips contain a feature that makes them vulnerable to hacking, though it said other companies’ semiconductors are also susceptible.

Intel is working with chipmakers, including Advanced Micro Devices Inc. and ARM Holdings, and operating system makers to develop an industrywide approach to resolving the issue, the company said Wednesday in a statement. Intel said it has begun providing software to help mitigate the potential exploits. Computer slowdowns caused by the software “should not be significant and will be mitigated over time,” Intel said.

“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the Santa Clara-based company said. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Intel’s microprocessors are the fundamental building block of the internet, corporate networks and PCs. The company has added to its designs over the years, trying to make computers less vulnerable to attack, arguing that hardware security is typically tougher to crack than software. Reports about exploits caused by a “bug” or a “flaw” that are unique to its products are incorrect, Intel said.

“The techniques used to accelerate processors are common to the industry,” said Ian Batten, a computer science lecturer at the University of Birmingham in England who specializes in computer security. The fix being proposed will definitely result in slower operating times, but reports of slowdowns of 25% to 30% are “worst case” scenarios, he said.

Intel’s stock pared earlier losses after the announcement. The shares declined 3.4% to $45.26 at the close in New York. Competitor AMD, the only other maker of processors for computers, jumped 5.2% to $11.55.

On Tuesday, the Register technology website said a bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords. All computers with Intel chips from the past 10 years appear to be affected, the report said.

The vulnerability may have consequences beyond just computers, and is not the result of a design or testing error. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.

The problem in this case, according to people familiar with the issue, is that this predictive loading of instructions allows access to data that’s normally cordoned off securely. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.

King and Cao write for Bloomberg.

UPDATES:

1:50 p.m.: This article has been updated with Intel’s explanation of its chips’ security vulnerability.

This article was originally published at 12 p.m.