Do you have a computer with an Intel CPU or run a website? If so, you are almost guaranteed to have been affected by two huge security flaws that could reveal all of your sensitive information, such as cryptographic keys, passwords, or files.
Discovered independently by several groups of researchers, they affect seemingly all Intel chips made since 1995.
What do these bugs do? Are you affected? Should you immediately throw away your Intel computer?
Let's find that out.
What are these bugs?
The discovered bugs are called Meltdown and Spectre. Meltdown - because it melts security boundaries, and Spectre, because it's a ghost, tricking processors into doing things they shouldn't be doing.
In simple terms, the two bugs exploit errors in CPU features to see private information and make computers perform the tasks an attacker wants.
Intel reacted swiftly to fix these errors - but as time has shown, things were not as simple as they first seemed.
Intel doesn't know what it's doing!
When the bugs were first announced, the CPU maker didn't publicly take them seriously. The early Intel response to Meltdown and Spectre angered a lot of people, solely because it pretty much stated that the bugs do not exist.
"Intel believes these exploits do not have the potential to corrupt, modify or delete data." - Intel Newsroom, January 2018.
Also, the updates which Intel has issued were not supposed to visibly affect the performance of the processors.
Later on, the company's statements became less and less confident, admitting that the impact on performance may be higher than previously thought. This appeared to be true, especially following the statement from Microsoft:
According to them, late-2015 and newer Intel processors with the latest software had few issues. But the combination of older software and hardware suffered a serious decrease in performance.
And that's not the end - with the early updates, people noticed not only drops in performance, but also computers spontaneously rebooting. Intel advised users to skip the patch and wait for a new one to be released.
In short, Intel has said that the problem doesn't exist - then said that solutions to the non-existent problem were so bad, they shouldn't be used.
And it doesn't stop there. Despite the patches being released, problems continued well into the year. In May, Microsoft, Google, and Intel disclosed a couple more new chip vulnerabilities. Further updates to fix them have been released.
But it already looks clear that those issues won't disappear so easily - and that they are a systemic error, which might bug us for years to come.
What effect are Meltdown and Spectre having?
In short - Meltdown and Spectre can be used to hack into a system. But the real effect is seen in the Intel fixes instead.
If you're a website owner, you might have noticed some changes in the server performance - because the hosting companies sure did. This information comes from Hostwinds, one of our top-reviewed web and cloud hosting providers.
When asked about the issue, CEO Peter Holden has noted that there were some challenges:
"We did notice slight increases in overhead on existing at capacity nodes. We just added new nodes, and migrated clients around to ensure that the service experience is consistent across our infrastructure. We also took the time to apply the recommended BIOS updates to our impacted servers. This helps to keep our clients secure." - Peter Holden, CEO of Hostwinds
To put it in simple terms, Hostwinds has noticed a slight change in performance. It has been solved by adding extra resources and optimizing the accounts in the server, so the overall experience doesn't change by much. Also, there were software updates applied, which would help fix the issue in terms of software.
Another proof of the real-world effect came from Epic Games - creator of the video game Fortnite. The company announced that its online platform was experiencing problems. The reason for that? Intel's fixes for Meltdown.
In a publicly released picture, we can see the issues their servers had after the first patch.
Here's how different cores act after an update. It appears that one of them (#1) has increased its usage because it is stopping the discovered leak.
So this is where those "performance issues" were coming from!
Overall though, it looks pretty clear. Both your favorite games and hosting providers have most likely felt the negative effect of Meltdown and Spectre bugs. But with a bit of extra work and care, everything appears to have been solved.
What hasn't been solved, however, is Intel's reputation. To be fair, it is no surprise to see the online communities absolutely angry at them.
Here, the notoriously vocal founder of Linux, Linus Torvalds, was absolutely furious. In a message to the Linux kernel mailing list, he expressed his frustration:
"As it is, the patches are COMPLETE AND UTTER GARBAGE. They do literally insane things. They do things that do not make sense. <....> The patches do things that are not sane.
WHAT THE F**K IS GOING ON?" - Linus Torvalds, Linux Kernel Mailing List, January 2018.
What can you do to avoid Meltdown and Spectre?
Looking to stay protected against Meltdown and Spectre, and wondering what you can do? In short - you can't do much.
Tech companies have released patches to stop Meltdown and Spectre from causing any additional damage, so make sure your computers are updated to the latest software.
- Windows received an emergency update in January 2018 and an additional update in May 2018 - we strongly recommend updating your software to the latest version.
- For Mac users, there are bug protections in the macOS version 10.13.2 - so update as well.
- Chromebook users shouldn't be overly worried - they should be automatically updated to Chrome OS 63, which includes all the needed security patches.
If you're a website owner and wish to protect your data, make sure to contact your hosting provider and ask about the measures they've applied. Hosting providers were quick to react and updated as soon as possible. It's no surprise. After all, Meltdown and Spectre attacks work with data going from one part of a computer to the other.
So, if a single device is shared between multiple users, the likely damage multiplies, as a hack affects all of them.
Therefore, changes have been made. cPanel, DirectAdmin, and Plesk panels running on Intel CPUs have also been updated to the latest kernels. If you're a website owner, there's currently no serious danger.
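If you run your own Linux server, the kernel itself reports which of these CPU bugs it has mitigated. The script below is an added example, not part of the original article: it reads the kernel's sysfs reporting directory (present on kernel 4.15 and later and on many vendor backports). The function names are hypothetical and the sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): summarise what the Linux kernel
# reports about CPU-bug mitigations. Kernels 4.15+ (and vendor backports)
# expose one status file per issue in this sysfs directory.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> ok | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation"*)   echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_mitigations [DIR] -> one "name state detail" line per issue.
# Returns 0 if no entry needs attention, 1 if any entry is vulnerable or
# unknown, 2 if the directory is missing (kernel too old to report).
check_mitigations() {
    dir=${1:-$VULN_DIR}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f")
        state=$(classify_status "$text")
        printf '%-20s %-10s %s\n' "${f##*/}" "$state" "$text"
        case $state in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# make_sample -> path of a temp dir holding CONSTRUCTED status files
make_sample() {
    d=$(mktemp -d) || return 1
    echo 'Mitigation: PTI'                         > "$d/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$d/spectre_v1"
    echo 'Vulnerable'                              > "$d/spectre_v2"
    echo 'Not affected'                            > "$d/spec_store_bypass"
    echo "$d"
}

# Demo on the constructed sample; on a real host call check_mitigations with no argument.
sample=$(make_sample)
check_mitigations "$sample" || echo "at least one issue is not mitigated"
rm -rf "$sample"
```

A non-zero exit status from `check_mitigations` makes it easy to wire into a monitoring job or a post-update check.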
What's next for Intel?
For now, Intel's future looks uncertain. The fight against these bugs continues, but it's a tough one. They affect most of the processors built after 1995, and there are still loads of active devices which are in trouble - some of them might be yours. So in the future, we might hear stories about the bug doing serious real-world damage. After all, new vulnerabilities keep on getting unearthed and we don't know if the issue is fully solved or if something new and critical will come along.
The fixes caused problems too, and if you own an older Intel CPU and run something like Windows 7 or 8, your computer will be noticeably slower. So for Intel users, these bugs should be a good reason to upgrade to a faster chip.
Will it be to a newer Intel model? Many users may jump ship and choose a competitor, such as AMD, which was virtually unscathed by these bugs. Considering the trust in Intel has gone down, this could be the beginning of a darker chapter in this company's history.
We will hear more about it, no doubt. Especially considering there are already several consumer class action lawsuits against Intel, which may reveal some new information and potentially hurt the company financially.
So, to sum it up, Intel has had a rough year - and it keeps getting rougher. Is it still worth trusting Intel's products? We'll have to wait and see - or change the CPU and stop worrying.