A report that Intel Corp. chips are vulnerable to hackers raised concerns about the company’s main products and brand.
On Tuesday, the technology website The Register said a bug lets some software gain access to parts of a computer’s memory that are set aside to protect things like passwords. All computers with Intel chips from the past 10 years appear to be affected, the report said, and patches to Microsoft Corp.’s Windows and Apple Inc.’s OS X operating systems will be required. The security updates may slow down older machinery by as much as 30 percent, according to The Register.
Flaws in the designs of microprocessors, which go through rigorous testing and verification, are usually easily fixed by patches in the code that they use to communicate with the rest of the computer. But if the error can’t be fixed easily in software, it could be necessary to redesign the chip, which can be extremely costly and time consuming.
Intel is expected to release a statement, but hasn’t yet commented on the issue. Historically, the way companies respond to such issues and how quickly they address them has determined how big the problem becomes.
“This is a potential PR nightmare,” said Dan Ives, head of tech research at GBH Insights. “They need to get ahead of this and try to contain any of the damage to customers as well to the brand.”
The report hit Intel shares, which fell as much as 5.5 percent, the steepest drop since October 2016. It gave a boost to rivals Advanced Micro Devices Inc., which surged as much as 8.8 percent, and Nvidia Corp., which jumped 6.3 percent.
The vulnerability may have consequences beyond just computers, and may not be the result of a design or testing error. All modern microprocessors, including those that run smartphones, are built to essentially guess what functions they’re likely to be asked to run next. By queuing up possible executions in advance, they’re able to crunch data and run software much faster.
The problem in this case, according to people familiar with the issue, is that this predictive loading of instructions allows access to data that’s normally cordoned off securely. That means, in theory, that malicious code could find a way to access information that would otherwise be out of reach, such as passwords.
Chip design flaws are exceedingly rare. More than 20 years ago, a college professor discovered a problem with how early versions of Intel’s Pentium chip calculated numbers. Rival International Business Machines Corp. was able to make use of the finding and claim Intel products would cause frequent problems for consumers’ computers. While that didn’t happen, Intel had to recall some chips and took a charge of more than $400 million.
Intel’s microprocessors are the fundamental building block of the internet, corporate networks and PCs. The company has added to its designs over the years trying to make computers less vulnerable to attack, arguing that hardware security is typically tougher to crack than software.
The Santa Clara, California-based company’s chips have more than 80 percent market share in PCs overall and more than 90 percent in laptops and servers.
Programmers have been working for two months to try to provide a software patch that addresses the issue, The Register said, adding that Microsoft was expected to release a fix soon.