SEVERE WX : Severe Thunderstorm Watch View Alerts

The computer chip debacle: Businesses are scrambling

Spectre and Meltdown, two flaws in the basic building blocks of billions of computing devices, are haunting the inter...

Posted: Jan 5, 2018 11:15 AM
Updated: Jan 5, 2018 11:15 AM

Spectre and Meltdown, two flaws in the basic building blocks of billions of computing devices, are haunting the internet.

Researchers revealed the two bombshell bugs on Wednesday that expose individuals and businesses to potential hackers. There are no reports the bugs being exploited, but now companies big and small are scrambling to update their software and devices.

Consumers who use laptops for things like email and Facebook don't need to do much besides practice basic security hygiene -- that is, update their computer, smartphone and apps when updates are made available.

But for businesses, it's a different story. Fixing the problems is a lot more complex.

These two sophisticated bugs matter especially to enterprises that deal with a lot of network traffic and considerable processing power -- things like cloud providers, retailers that process consumer transactions, and medical systems that crunch data.

The flaws affect modern processors including Intel, AMD and ARM that use "speculative execution" to enhance performance. Fixing the problems will slow a computer's performance, experts say, especially on devices more than five years old.

Related: Major chip flaws affect billions of devices

Intel said "for the average user," the performance impact on products using the processors from the last five years "should not be significant and will be mitigated over time."

Companies are rolling out fixes quickly -- including Microsoft, Amazon and Google.

But there will be stumbling blocks: On Thursday, some Microsoft Azure customers reportedly said machines failed to come back online after receiving a patch.

Some patches, including some provided by Microsoft, aren't available automatically because they can cause programs to crash, and business will need to make sure security tools like anti-virus software is compatible with the update, explained to Dmitri Alperovitch, co-founder and CTO of CrowdStrike. He anticipates most vendors will be compatible by next week.

According to the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems, the only way to fully remove one of the vulnerabilities is to completely replace the affected processor.

But there currently are no chips available to replace the vulnerable ones with the same kind of functionality.

"The reality is it's going to take years before new chips are on the market that are able to bring back the functionality in a safe way," Alperovitch said.

Related: Hackers take advantage of bitcoin's wild ride

Once the hardware is available for companies to replace the problematic chips, it will be costly.

Updating computing systems in businesses is already time-consuming and expensive, says Wendy Nather, security strategist at Duo Security. Firms often fail to update computer systems in a timely manner, which was one reason last year's WannaCry ransomware harmed so many businesses.

But distributing and replacing processors will be even more time and cost intensive than software updates, Nather said, so not all machines may get new chips.

"Breaches will happen silently, so if systems are still performing fine, many organizations will not bother patching," Nather said. "It's not as if it were ransomware and they were facing threats of downtime."

Nather also said security executives will prioritize updating machines most vulnerable to attacks, like business-critical systems.

Researchers have already created proof of concept exploits to read passwords or other sensitive data from vulnerable computers. Experts say it's just a matter of time before malicious attackers begin to exploit the flaws. However, they would require access to the machine before being able to steal information from the computer.

"Yes, this involves millions of systems worldwide, but again it's not clear how straightforward it is to exploit these flaws just yet, and whether attackers are going to try to use this technique when they could use something much easier," Nather said.

In other words, some types of phishing campaigns, malware, and spyware could be easier to execute and more effective at stealing information. There is no evidence malicious hackers have exploited the chip flaws, though researchers said it would be difficult for investigators to know for sure.

The tech and business worlds will likely be dealing with these flaws for years to come, but experts in the security community say that while the flaws are an interesting technical find and organizations should patch as soon as possible, it's still one of countless vulnerabilities.

"In terms of real-world risk, it's another day in information security," said Kenneth White, security researcher and co-director of the Open Crypto Audit Project . "It opens up all kinds of interesting new lines of work and a lot of reassessment of fundamental assumptions we've made about hardware and security properties. For the average person, it's just about patching."

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 764448

Reported Deaths: 13965
CountyCasesDeaths
Marion1049701803
Lake567981029
Allen42685698
St. Joseph37253568
Hamilton37131426
Elkhart29699470
Tippecanoe23347230
Vanderburgh23106404
Porter19538327
Johnson18755391
Hendricks18012321
Madison13463345
Clark13450198
Vigo12789255
LaPorte12533224
Monroe12494178
Delaware11100198
Howard10612237
Kosciusko9736123
Hancock8707149
Bartholomew8235157
Warrick8031157
Floyd7975181
Grant7337181
Wayne7222201
Boone7145105
Morgan6886142
Marshall6323116
Dubois6267118
Cass6083111
Dearborn598578
Noble595790
Henry5939111
Jackson514677
Shelby509097
Lawrence4901127
Gibson460696
Montgomery454492
Clinton453555
DeKalb451585
Harrison450576
Whitley414745
Huntington411781
Steuben409560
Miami404073
Jasper399455
Knox387091
Putnam383762
Wabash367383
Adams351656
Ripley350471
Jefferson340486
White338954
Daviess3084100
Wells302281
Greene292285
Decatur291493
Fayette285864
Posey280435
Scott278058
LaGrange276972
Clay273048
Washington252437
Randolph247083
Jennings238149
Spencer237531
Fountain233750
Starke229859
Owen221059
Sullivan219043
Fulton207645
Jay202832
Carroll196522
Orange190556
Perry189139
Vermillion179644
Rush177027
Franklin171635
Tipton171547
Parke153616
Pike141234
Blackford137832
Pulaski122948
Newton122436
Benton109215
Brown105743
Crawford105116
Martin92515
Warren87615
Switzerland8308
Union73510
Ohio58211
Unassigned0428

Ohio Coronavirus Cases

Data is updated nightly.

Cases: 1120922

Reported Deaths: 20467
CountyCasesDeaths
Franklin1300711493
Cuyahoga1169882259
Hamilton822191259
Montgomery533351059
Summit487911014
Lucas43688832
Butler39879614
Stark33752937
Lorain25937509
Warren24850312
Mahoning22663612
Lake21429396
Clermont20338260
Delaware19088138
Licking16820227
Trumbull16744491
Fairfield16735207
Medina15800276
Greene15468254
Clark14325308
Portage13391218
Wood13327201
Allen12026245
Richland11707213
Miami10976228
Wayne9238227
Columbiana9182236
Muskingum9114137
Pickaway8729123
Tuscarawas8706254
Marion8691140
Erie8109166
Ashtabula7264179
Hancock7039134
Ross7004165
Geauga6939153
Scioto6636108
Belmont6203179
Lawrence5905104
Union590049
Jefferson5718162
Huron5622122
Sandusky5467130
Darke5436130
Seneca5373128
Washington5352111
Athens526260
Auglaize506787
Mercer490285
Shelby480497
Knox4603112
Madison446966
Ashland441898
Defiance438099
Fulton435275
Putnam4349104
Crawford4103111
Brown408862
Preble3940107
Logan391479
Clinton387966
Ottawa374981
Highland364668
Williams355478
Champaign347560
Guernsey329554
Jackson321154
Perry298050
Morrow294543
Fayette287950
Hardin278865
Henry276967
Holmes2725102
Coshocton272461
Van Wert251465
Gallia248450
Adams247758
Pike244537
Wyandot235257
Hocking221763
Carroll200349
Paulding179342
Meigs150740
Noble137639
Monroe137445
Harrison115038
Morgan111524
Vinton87117
Unassigned03
Fort Wayne
Partly Cloudy
83° wxIcon
Hi: 87° Lo: 71°
Feels Like: 88°
Angola
Partly Cloudy
84° wxIcon
Hi: 86° Lo: 70°
Feels Like: 90°
Huntington
Mostly Cloudy
83° wxIcon
Hi: 85° Lo: 69°
Feels Like: 89°
Decatur
Partly Cloudy
83° wxIcon
Hi: 86° Lo: 69°
Feels Like: 88°
Van Wert
Partly Cloudy
85° wxIcon
Hi: 87° Lo: 68°
Feels Like: 89°
Showers and storms are possible early Sunday morning, but we'll be dry by sunrise. Partly sunny skies and hot conditions are expected for the second half of the weekend.
WFFT Radar
WFFT Temperatures
WFFT National

Community Events