In January 3rd, Google group (Project Zero) zero project team published details of the chip vulnerability, a number of companies including Intel, AMD, ARM, apple, Qualcomm, IBM, in a statement, admitting that the chip is also flawed, there is a fuse (Meltdown) or (Spectre) the risk of attack.
Apple's official website said that fusing and phantom attacks apply to all modern processors, and affect almost all computing devices and operating systems, including Mac systems and iOS devices. However, so far, there has not been an example of using this vulnerability to attack consumers. Qualcomm said in January 5th that the company was developing updates on products affected by recently exposed chip - level security vulnerabilities.
Canalys analyst Jia Mo told reporters that there are mainly two vulnerabilities released by Google. They are all based on Intel, AMD and ARM processor's kernel architecture port vulnerabilities, and this vulnerability is very different from the previous ones. In terms of the impact on the industry, this is a common problem in the CPU kernel architecture in the industry.
Loopholes and big companies
Due to the continuous fermentation of chips, Intel has lost nearly 11 billion dollars in its market capitalization, and its share price fell 5.5% on Wednesday, the biggest decline since October 2016.AmazonApple,MicrosoftAnd IBM and other technology giants in this loophole in front of all.
Meltdown vulnerabilities are widely used in Intel and AMD processors. ARM's Cortex A75 is also involved, but because A75 is the core used by Snapdragon845, at present, the impact of meltdown on the mobile phone industry may not be obvious. But it is not excluded that meltdown will affect the kernel of other ARM models, such as an engineer test that has an impact on Cortex A15, A57, and A72. Jia Mo said to the reporter.
For Spectre, Jia believes that the scope of the impact is more extensive because it involves a more basic architecture. At present, the information is Cortex A8, A9, A15, A17 and A57, A72, A73, A75, which will be affected so that there will be a lot of mobile phones, such as apple.IPhoneThe series (A8, A9), and even the HUAWEI Kirin 970 used A72.
The HUAWEI chip Department insider told reporters that it was assessing the impact of the incident.
Gao Tong said that it is actively developing solutions for deploying vulnerabilities, and will continue to do its best to enhance product safety. While deploying solutions, it encourages consumers to update their devices after the patch is released.
However, the spokesman did not specify which type of Qualcomm is affected, insiders speculated that the upcoming launch of the Qualcomm snapdragon chip 845 is likely to be affected in the list, because it uses ARM Cortex A75 core, but the core precisely by the impact of vulnerability. Qualcomm shares fell about 1% in late trading on Friday.
The most " honest " is that Apple , Apple ' s claim that Melody and Spectre are related to the basic architecture of computer chips , are completely shielded from very difficult and complex , and new attack codes may bypass the existing patch software to steal confidential information stored in the memory of the chip kernel . All products that currently include Mac systems and iOS devices are affected .
In addition to the above companies, ARM admitted in January 4th that a series of Cortex architecture processors had been attacked at risk.
"This is not a problem for the Intel family, because ARM and AMD, which claims to be less problematic, have been affected. But because of the deep hiding, there is no practical evidence to prove that these two vulnerabilities have been used by hackers. And Spectre is more difficult to be used than meltdown (corresponding, because it is more difficult to repair). At present, if there is no virus software on the computer or cell phone to get related permissions to get the user's privacy information, such as account numbers, passwords, etc., hackers still have difficulty using these two vulnerabilities to destroy. Jia Mo said to the reporter.
Dancing on the edge of a cliff
From X86 to Arm, then to Power architecture, after the chip vulnerability outbreak, advanced processor spared.
Among them, the most damaging Intel mentioned in a response statement to the first financial reporter, Intel has released updates for most of the processor products launched in the past 5 years. By the end of the week, Intel's update is expected to cover more than 90% of the processor products that have been launched in the past 5 years. In addition, many operating system vendors, publicCloud serviceProviders, equipment manufacturers and other manufacturers also say they are or have updated their products and services.
In response to fusing attacks, Apple also said that the published iOS 11.2, macOS 10.13.2, and tvOS 11.2 had a preventive measure, and the Safari would be updated. To prevent phantom attacks, apple is further studying these two vulnerabilities and will release new solutions in iOS, macOS, and tvOS updates.
But the Google Google Project Zero blog shows that AMD and Arm processors are hard to escape among the first two attacks. This means that from iOS devices to SONY's PlayStation Vita, from Nvidia's Tegra chip to more manufacturers and products, there are two ways to attack, which are fusing and phantom.
Even computer architecture experts believe that the risk of fusion has been exposed and can directly steal browser passwords. The world has seen the demonstration, the risk of phantoms is also great, but no instances have been released yet.
"The whole industry is dancing on the edge of the cliff, but I think it's not going to fall." An insider said the reporter on HUAWEI hass.
At present , almost every major supplier has a response to chip issues , but there is no need to react excessively . But he also admits that big processor vendors are at risk of being attacked at this stage and should consider how to reduce the impact of the attack .
"The market may be exaggerated to some extent in the composition, system design perspective, undertake the work of safety, not only have the processor and operating system practitioners, like Infineon and NXP also offer security chip quite unique, safety performance of reinforcing system." Yao Jiayang said, for the chip manufacturers, design of the processor in the next generation, whether to renovate the basic architecture? This will be the processor practitioners must issue, after all, architecture renovation, risk can effectively improve the performance of not.