Did I do that? Intel is going to make a killing fixing its own Meltdown

intel could make billioins off meltown specture insecure exploits safe
Ethan Miller/Getty Images
Intel CEO, Brian Krzanich (Ethan Miller/Getty Images)

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Intel dropped the ball on Meltdown and Spectre. Or it might be more accurate to say Intel saw the ball, caught it, and then buried it under some shrubs hoping you wouldn’t notice. For everyday customers, that’s a problem without an easy solution. Now, it’s poised to profit off of its decision to sell critically flawed products to an unwitting populace.

Quick recap

If you’re unfamiliar, Meltdown and Spectre are exploits which affect your computer’s processor. They’re two different, but related, exploits which take advantage of ‘speculative execution’ an optimization method used on essentially every computer processor manufactured in the last 20 years. Yes, that means almost every processor sold in the last two decades is vulnerable to these exploits — including the one in your smartphone, the one in your desktop, and the one in that old student laptop you used in college.

insecure intel exploits meltdown spectre

It’s a big deal. The Meltdown and Spectre exploits were discovered in early 2017, and they were first disclosed to Intel, AMD, and ARM on June 1, 2017 by Google Project Zero researcher Jann Horn. Following the disclosure, each company started reaching out to its corporate customers and notifying them of the vulnerabilities. Everyone was scrambling to both find a fix and to keep it secret, because as long as the vulnerabilities remained private they were less dangerous to the public. That meant more time to find a fix.

The vulnerabilities weren’t disclosed to the public until January 3, 2018, though there were some rumors swirling a bit earlier than that because of all the sneaky security patches flying around.

To sell or not to sell

Why does that mean Intel dropped the ball? Simple. This timeline means Intel — and to be fair, AMD and ARM — spent around seven months of 2017 marketing, advertising, and selling products they knew to be critically flawed. They also knew that the only way to fix these products meant cutting down their performance.

If you bought a processor, desktop, or laptop in the last year it is now slower than it was when you bought it because of these security patches. That means it’s not living up to its promised performance, and Intel, AMD, and ARM know that. They knew it last year with every device they sold.

Cashing out

Every Intel processor currently humming away in a personal computer, enterprise server, or government workstation is slower and less secure than these upcoming Intel processors, these processors designed to overcome a huge security flaw. With one hand Intel sold products it knew were flawed, and with the other started making a product that would mitigate those flaws.

Intel spent around seven months marketing, advertising, and selling products it knew to be critically flawed.

That’s like buying a car, finding out the locks don’t work, and that the only fix is cutting your fuel efficiency by as much as 31 percent. Oh, and then discovering the guy who sold you the car knew and didn’t tell you. But don’t worry, he’s got a brand-new model that fixes all those problems for one low, low price.

These upcoming processors could very likely be Intel’s best-selling products to date, they’ll not only be faster than their predecessors, but they’ll be more secure. Intel stands to make potentially billions of dollars off of a fix to a problem it helped create.

Naturally, not everyone with an affected processor is going to run out and buy a new one, but you know who will? Enterprise customers, government agencies, anyone for whom security is not optional. Upgrades are no longer going to be a matter of speed for these customers, but security.

intel exploits meltdown specture processor
Intel
Intel

How many computers are currently in use by the U.S. State Department, or Department of Defense? The U.S. alone has dozens of agencies which will see these upgrading to these new processors as a matter of national security. Add on to that the number of similar agencies which exist in every other country in the world and you can start to get some idea of what kind of windfall Intel stands to gain. And if Intel is the first company to roll out chips with hardware-level fixes to Meltdown and Spectre without any performance loss? This year’s market share losses could very well be reversed, and that’s not good news for AMD or ARM.

Speaking of which

Is it fair to pick on Intel when AMD and ARM also continued to sell products they knew were flawed? That’s a good point, AMD and ARM both continued to sell products they knew were flawed after they were told about the exploits. There are a couple key differences which make Intel a fair target over its smaller competitors.

It’s disappointing that these companies are poised to make a killing off of a problem they helped perpetuate.

Intel’s handling of Meltdown and Spectre has been troubling — as the number of lawsuits currently pending against the microprocessor giant can attest. First, we have the issue we’ve already harped on quite a bit, Intel continued to sell processors it knew were flawed, but there’s more.

Intel didn’t disclose the Meltdown and Spectre exploits to customers in the U.S. government, like the National Security Agency or Department of Homeland Security. Both of these agencies found out about Meltdown and Spectre the same way you and I did, through news reports on or after January 3, 2018. Granted neither AMD nor ARM reached out to government agencies either, so they’re almost as culpable here. Almost. How many of those government desktops, laptops, and servers are running AMD processors? Precious few. Intel’s share of the CPU market is around 80 percent, AMD is closer to 20 percent.

AMD, ARM, and Intel may not have reached out to government agencies but you know who Intel did inform of the exploits though? A handful of private companies, including Lenovo and Alibaba which are based in China. Geopolitical concerns aside, failing to warn government agencies — not just U.S. government agencies — of a potentially catastrophic security exploit is problematic at best, especially when your company represents nearly 80 percent of the CPU market.

Another brow-raising facet of Intel’s Meltdown and Spectre response, Intel CEO Brian Krzanich initiated an unusually large stock sale after learning of the exploits in June. He claims the sales were pre-scheduled and unrelated, but Bloomberg’s reporting on the matter suggests that may not be the case. Krzanich changed his automated stock-sale habits in 2017, and sold a much larger share of his Intel stock than he had in past years.

What can we do?

The disclosure that new processors are on their way, insulated against the exploits, should be good news but it feels wrong. AMD and ARM have yet to announce whether or not their upcoming processors will feature hardware-level fixes to the Meltdown and Spectre exploits, but they likely will in the next year or so, if not this year.

It’s disappointing that these companies are poised to make a killing off of a problem they helped perpetuate. You almost want to vote with your wallet right? Well, it’s hard to take your money elsewhere when these companies are the only game in town.

Computing

Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Product Review

Asus ZenBook 3 Deluxe (late 2017) review

As our Asus ZenBook 3 Deluxe (late 2017) review shows, adding an 8th-gen Intel Core processor to an excellent thin and light chassis makes for a great combination.
Product Review

Recent production woes make the Eve V a worse buy than it once was

Our Eve V review looks at a crowdsourced detachable tablet that checks some boxes for its backers. Its delay in making it to the market holds it back in some areas, and Eve Technology is an unknown quantity.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Computing

With Q#, Microsoft is throwing programmers the keys to quantum

Quantum computers aren’t yet practical, but Microsoft has already developed a programming language for them. Q# works inside Visual Studio, just like most other languages, and could offer a gateway into the weird world of quantum physics.
Computing

Here's how to convert an MP4 to an MP3 file with online and offline tools

Sometimes you just want the audio without the video. In this guide, we'll show you how to convert an MP4 to an MP3 using web-based software and dedicated programs for both Windows and MacOS.
Computing

Art-inspired face blurring can obscure identity without losing humanity

Researchers have developed an AI-generated anonymity system that “paints” over video frames, using inspiration from masters like Picasso and Van Gogh to reimagine a person’s appearance. The goal is to minimize outer resemblance but…
Computing

Crypto-intrigued? Here's how to buy Bitcoin for the first time

Is it time to purchase your first Bitcoin investment? If you're ready to get involved in the cryptocurrency, we'll walk you through how to pick an exchange, how to choose the right wallet, and how to buy Bitcoin the safe way!
Product Review

Dell's classic 4K P2715Q monitor still holds up today

The Dell P2715Q might not be the most modern of 4K displays, but its IPS panel, extensive connectivity, and easily adjusted stand make it more than competitive with the newest crop of screens.
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!
Cars

Nvidia ‘more than happy to help’ if Tesla’s self-driving chip doesn’t pan out

After Tesla CEO Elon Musk announced the intention to use an in-house Autopilot chip, Nvidia CEO Jensen Huang responded to an analyst's question, saying that if the Tesla chip doesn't work out, he'd be more than happy to help.
Emerging Tech

Awesome Tech You Can’t Buy Yet: inflatable backpacks and robotic submarines

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!
Product Review

Dell's XPS 15 is the PC every laptop wishes it could be

Not everyone needs the power that a laptop like the Dell XPS 15 provides. But if you need a computer that can handle the heavy workload you use every day, the XPS 15 might be the best you can buy.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for something without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses with one of these handy services.