Intel CEO says fixes for serious chip security flaws are on the way
Intel Corp. has big plans to steer toward new business in self-driving cars, virtual reality and other cutting-edge technologies. But first it has to pull out of a skid caused by a serious security flaw in its processor chips, which undergird many of the world’s smartphones and personal computers.
Intel Chief Executive Brian Krzanich opened his keynote talk Monday night at the annual CES gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week. At an event known for its technological optimism, it was an unusually sober and high-profile reminder of the information security and privacy dangers lurking beneath many of the tech industry’s wonders.
Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed without a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies including Microsoft and Apple have announced efforts to patch the vulnerabilities.
And Krzanich promised fixes in the coming week to 90% of the processors Intel has made in the past five years, consistent with an earlier statement from the company. He added that updates for the rest of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
To date, he said, Intel has seen no sign that anyone has stolen data by exploiting the two vulnerabilities, known as Meltdown and Spectre. The problems were disclosed last week by Google’s Project Zero security team and other researchers. Krzanich commended the “remarkable” collaboration among tech companies to address what he called an “industry-wide” problem.
Meltdown is believed to primarily affect processors built by Intel, but Spectre also affects many of Intel’s rivals. Flaws affecting the processor chips also endanger the PCs, internet browsers, cloud computing services and other technology that rely on them. Both bugs could be exploited through what’s known as a side-channel attack that could extract passwords and other sensitive data from the chip’s memory.
Krzanich himself has been in the spotlight over the security issue after it was revealed that he had sold about $39 million in his own Intel stock and options in late November, before the vulnerability was publicly known. Intel says it was notified about the bugs in June — months before Krzanich sold the shares.
The Santa Clara, Calif., company didn’t respond to inquiries about the timing of Krzanich’s divestments, but a spokeswoman said it was unrelated to the security flaws.
During his presentation Monday, Krzanich also launched into a flashy and wide-ranging celebration of the way Intel and its partners are harnessing data for futuristic innovations, such as 3-D entertainment partnerships with Paramount Pictures, virtual-reality collaborations with the 2018 Winter Olympics and a new breakthrough in so-called quantum computing.
A self-driving Ford Fusion rolled onto the stage of the casino theater where Krzanich gave his talk. It’s the first of a 100-vehicle test fleet run by Mobileye, the Israeli software company that Intel bought for $15 billion last year. Mobileye processes the information cars “see” from cameras and sensors.
A flying taxi — the German-built Volocopter — later lifted off from the stage. Then came drones, in a musical performance that Krzanich said would mark a Guinness record for the “world’s first 100-drone indoor light show without GPS.”