Today will be a crucial test of the market’s response to news of a massive security vulnerability that affects chips made by Intel, as well as a separate problem that hits all microprocessors, regardless of manufacturer.
News of the Intel security problem, known as the “Meltdown” bug, sent the company’s stock price plunging 3.5% yesterday (Jan. 3). The stock recovered by the end of the session, but it’s down around 1.7% in pre-market trading today.
On the heels of the news about the vulnerabilities were reports this morning that Intel chief executive Brian Krzanich made $25 million from selling Intel stock in late November, when he knew about the bugs, but before they were made public.
Meanwhile, rival chip-maker AMD’s stock price was up as much as 5% in yesterday’s trading, before closing the session flat. The stock is up 2.6% in pre-market trading today.
The Meltdown bug means Intel chips dating back to 1995 could be exploited for unauthorized access to their memories. That means passwords, photos, and other content could be accessed by hackers. The other bug, dubbed “Spectre,” gives hackers similar access although it is more difficult to execute, and it affects all modern microprocessors, not just those made by Intel.
The potential for damage from the security loopholes, which were discovered by researchers at a number of companies and universities including Google and the University of Pennsylvania, remains unclear. The chip-makers have issued contradictory statements downplaying the severity of the bugs, but security experts are less sanguine.
Independent security researcher Lukasz Olejnik pointed out that although the bugs are currently difficult to execute, now that they are public, malicious parties will develop increasingly effective ways to carry them out. He points to the potential for the bugs to be triggered through website code, mentioned in the paper released by the researchers, as one cause for concern. “I think it’s fair to expect these techniques to definitely improve,” he said. “But it’s difficult to estimate how soon and to what extent.” There’s currently no evidence that the bugs have been successfully exploited.
Intel issued a statement yesterday denying that the Meltdown bug is unique to its chips, and claimed the problems “do not have the potential to corrupt, modify or delete data.” It also said it was working with other chip and operating-system makers to fix the problems. Intel’s claim that it is working with other chip-makers including AMD prompted the latter to reply that its products were unaffected. The company said in a statement that its product designs meant that there is a “near zero risk to AMD processors at this time.”
Whatever the case may be around the hardware, software makers aren’t taking any chances. Microsoft, Apple, and the Linux open-source community are releasing fixes that will be implemented in their respective operating systems. The trade-off is that these fixes are expected to slow computers down by as much as 30%. It’s not a great time to have Intel inside your machine.