Intel’s chips are still vulnerable, and the new Ice Lake won’t patch everything


(in)Secure is a monthly column that dives into the rapidly escalating topic of cybersecurity.

The Spectre and Meltdown processor vulnerabilities loomed over Intel’s 2018 like an incoming snowstorm. Though speculative in nature, they affected nearly every computer with an Intel chip inside. There was no escape.

In 2019, the company just wants to move on. It wants to focus on the exciting performance gains made by new generations of chips. But moving on won’t be that easy. With so many CPUs from the past decade relying on branch prediction to enhance performance each generation, many believe that only fundamental hardware changes inside the most popular CPUs from the likes of Intel will ward off these bugs forever.

With Intel so quiet about what’s coming with its next generation of Ice Lake CPUs though, it may be that we’re far from a permanent fix. In fact, these kinds of problems may never be truly thwarted.

Beyond microcode

The earliest fixes Intel implemented against Spectre and its variants were microcode tweaks which appeared throughout the first half of 2018. These changes weren’t particularly well received because of their impact on performance.

“The microcode patches that were put out had a fairly significant performance impact because they were disabling pieces of hardware and changing things in ways that weren’t the intent when the chip was designed,” Rambus senior technology advisor Paul Kocher explained to Digital Trends. He went on to highlight that many manufacturers of commercial products, like his own Microsoft-made Surface Pro, specifically avoid implementing some of these fixes because of how much they hurt performance.


The first hardware fixes Intel implemented against Spectre and its ilk — including variant three, otherwise known as Meltdown — came with the launch of its eighth-generation Whiskey Lake “U-Series.” Those were low-power chips aimed squarely at the laptop market, but Intel followed up with the same hardware-level fixes in its desktop-targeted ninth-generation Coffee Lake R CPUs.

That launch also coincided with the release of software and microcode fixes for other variants of Spectre.

While far from exhaustive, these hardware fixes were a welcome announcement from Intel considering it had previously slated the 10nm Ice Lake CPU line as the first to receive hardware mitigation for speculative execution vulnerabilities.

Since then though, Intel has been rather quiet on what Ice Lake will have in place as far as hardware fixes go. Officially unveiled at CES 2019, Ice Lake has been talked up in terms of its die shrink to 10nm (leapfrogging the now seemingly defunct Cannon Lake entirely) as well as its native support for Wi-Fi 6 and Thunderbolt 3.

But no talk of Spectre fixes was in earshot.

What new defenses will Ice Lake have?

Intel is staying quiet on what kind of hardware protections we can expect out of Ice Lake.

“In 2019, we’ll of course continue to integrate hardware-based mitigation into future products, and we’re doing so in a way that maintains the associated software interfaces we introduced with the initial mitigations in 2018,” Intel’s senior director of Intel product assurance and security, Bryan Jorgensen, told Digital Trends. “Existing processor security features like supervisor-mode execution protection (SMEP), supervisor-mode access prevention (SMAP), and execute disable bit can also increase the difficulty of launching a successful attack.”

He went on to highlight the work Intel was doing with its software and hardware partners to enable protective measures like encrypted memory to further enhance PC security.

Intel senior vice president in the Client Computing Group, Gregory Bryant, displays an Ice Lake system-on-chip at CES 2019. (Walden Kirsch/Intel Corporation)

Only those working with Intel really know what the chip giant has planned for Ice Lake, but Rambus’ Paul Kocher believes he has a pretty good insight from talking with engineers over the past year. It can get technical, but distinguishing these different strands of the vulnerability is important for knowing exactly what Intel can and can’t do with Ice Lake.

The most important improvement he thinks we’ll see with Ice Lake is a mitigation of Intel’s earlier mitigations. The controls exposed through model-specific registers (MSRs), such as IBRS, which Intel offers to software developers as an optional fix for Spectre problems, will either be implemented in the hardware or modified so that the performance impact is negligible. That’s great news.

“They’ve created these MSRs but right now the performance you get from leaving the protections enabled and using them in the operating system is so large that people aren’t generally using them widely,” he said. “I suspect with the new processors they will fix that. They’ll make them run with high enough performance that it’s safe to leave them enabled all the time.”

That should mean Spectre variant two is taken care of — and without the performance cut. Spectre variant three, otherwise known as Meltdown, will also be shored up much more securely, he said. Fixing that issue is pretty straightforward, he said, so not seeing a pretty permanent fix for it in Ice Lake would be a surprise. Better yet, doing so should “reclaim the performance overhead that was introduced by those operating system changes.”

That’s good, right?

Spectre fixes, particularly at the hardware level or at least without performance overheads, are indeed a good sign that Intel continues to take these exploit paths seriously. In early January, Wired profiled the “Elite team” within Intel, which is going after these problems and trying to find smart workarounds for them.

The problem is that these fixes don’t go far enough. As far as Kocher sees it, Intel has no concrete plan for fixing Spectre variant one. The only proposed solution that he’s caught wind of pushes the problem onto software developers and asks them to insert what’s known as an “LFENCE” instruction within an application every time there’s an “if” statement in its code.

Not only does that have a major performance impact, Kocher said, but it’s required of new and legacy software. In theory, to protect against Spectre in this manner, every piece of software that runs on modern PCs, on both Windows and MacOS, would have to be rewritten with this fix in mind. It’s completely unrealistic.
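To make that proposal concrete, here is an added C example (not code from the article, Kocher, or Intel) showing a bounds-checked read before and after the LFENCE fix. It also goes beyond the article with a branch-free index-masking form, a different technique that avoids the fence; the table and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>                 /* _mm_lfence() */
#define SPEC_BARRIER() _mm_lfence()
#else  /* assumption: non-x86 builds get only a compiler barrier so this compiles */
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define TABLE_LEN 16                   /* constructed sample data */
static const uint8_t table[TABLE_LEN] =
    {10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25};

/* Before: architecturally correct, but the load can run speculatively with an
   out-of-range idx while the branch is still unresolved (Spectre variant one). */
int read_unfenced(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    *out = table[idx];
    return 0;
}

/* LFENCE form: later instructions do not begin executing until the bounds
   check ahead of the fence has completed. One fence per guarded access. */
int read_lfence(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    SPEC_BARRIER();
    *out = table[idx];
    return 0;
}

/* All ones when idx < len, zero otherwise, computed without a branch.
   Requires len <= SIZE_MAX / 2. */
size_t index_mask(size_t idx, size_t len) {
    size_t in_range = (~(idx | (len - 1 - idx))) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - in_range;
}

/* Masking form (not mentioned in the article): even if the branch is
   mispredicted, the index is forced to 0, so the load stays inside the table. */
int read_masked(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    __asm__ __volatile__("" : "+r"(idx)); /* stop the compiler proving idx in range */
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}
```

All three functions return the same results architecturally; they differ only in what the processor is allowed to do speculatively, which is why the change has to be applied at each guarded access rather than once per program.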


“From what I know of Intel’s roadmap for the next few years, there’s not a clear solution that’s been put forward,” Kocher said. “It’s an unmitigated risk that will be lingering for a long time.”

Worse still, Kocher believes that there is little in the future of CPU design at a variety of companies that will ward off these kinds of speculative bugs. His view of the future sees many manufacturers using lots of speculative optimizations to further enhance performance, which leaves them vulnerable to these sorts of attacks.

Fortunately, it’s not a problem

The only silver lining to all this is that for the average person, Spectre and its fellow branch misdirection exploits are the least of our security worries. There are far easier ways for nefarious hackers to infiltrate systems. Malware and social engineering have been successful attack vectors for decades and that seems unlikely to change any time soon.

That’s not the case for everyone though. We asked Kocher if there was any point in upgrading to Intel’s Ice Lake purely for security purposes. His answer depends on who you are.

“If you’re a cloud provider and you’re mixing workloads between customers on the same processor or god forbid even using hyperthreading to run malicious workloads simultaneously within the same core,” he said. “Within those environments the security implications are very different and any upgrades put in may be extremely important.”

Spectre and its contemporaries will likely remain a looming apparition over the CPU industry for years to come, and it bears remembering that it exists. But if you want to improve your chances of avoiding being hacked, there are certainly more things to worry about than any potential fixes Ice Lake might bring to the table.
