Most computer vulnerabilities come across like some sort of arcane wizardry. Tap your staff on the ground three times and speak a few lines of Forth, and the secrets of Windows will unlock. The most recent security vulnerability in Intel’s processor line is much more straight-forward.
The processor is the brain of your computer. But unlike human brains, processors have to do things in order. Check the waiting tasks, ask permission to do the task, complete the task, get the next task-over and over. Turns out, someone figured out how to insert a task after the permission stage, so the processor thinks it’s already allowed to perform that task.
What does that mean for Intel Processors? No one is really sure, but we have a few ideas. The most dangerous possibility is that all kinds of processors might be susceptible. No one ever thought there would be a way to get around that security feature, so no processor is designed to prevent that type of attack. And it’s not just computer processors-cell phones might also be vulnerable.
Fixing it isn’t an easy job, but the folks who make processors are working on a temporary solution: a BIOS flash update that will add a security check. And this will likely slow down that machine.
Most of you won’t notice that change. A lot of what you do with computers every day is done by other parts of your machine. Industries like CGI, however, are facing a real challenge. It can take months to render scenes for movies, and that rendering relies on the math ability of a processor.
No on is sure exactly how they’ll fix that, but we have an idea. Bitcoin led to a lot of interesting breakthroughs, including ASIC (Application-Specific Integrated Circuit) Mining Cards. While ASIC chips are still likely susceptible to this kind of attack, they are also pure-math powerhouse devices designed to perform checks in massive code strings. Slowing them down would still make them faster math machines than anything else out there now-assuming someone can write a driver that will let them do CAD.
Want to learn more?
TrendMicro had a great article about the current patching efforts here.
And Techcrunch has a great article about what sorts of impacts we might see here.