Tech groups like Amazon, Facebook and Alphabet are attracting increasing political heat for their dominance of markets like e-commerce, social media and web search. But a recently discovered security flaw in chips made by Intel, Advanced Micro Devices and ARM highlights another important concern: bugs potentially affecting hardware found in the majority of computing devices. Scale helps justify the massive investment needed to develop improved semiconductor technology and produce chips.
Intel last year said it would spend $7 billion on a US factory, and it had already started building the facility years ago. The dominance of a few players also helps ensure compatibility between machines. The downside is that hardware flaws like the newly revealed Meltdown and Spectre affect a huge number of users and could become systemic. It's an analogous problem to vulnerabilities in the once-dominant Microsoft Windows operating system - or, in the agricultural world, to a disease affecting a widely used crop variety, like the preponderant but under-threat Cavendish banana.
Security researchers on Wednesday published details of Meltdown and Spectre. The first affects Intel chips and potentially allows hackers to steal secret passwords by evading the hardware barrier between applications and a protected part of a computer's memory. The second also affects AMD and some ARM chips, and means hackers could trick applications into giving up information. Software groups like Apple and Microsoft had patches ready for Meltdown but not Spectre, which is less easily fixed but also harder to exploit. Research outfit Gartner reckons no single semiconductor vendor has more than a 15 percent share across all processor types, with Samsung last year displacing Intel for the top spot because of booming memory-chip sales. But in specific sub-sectors - like personal-computer or data-centre chips - single vendors dominate. The $200 billion Intel has more than 90 percent of the market for central processing units used in servers, for example, while it and AMD have long dominated PC microprocessors. True, vulnerabilities in chip design are rare. And the diligent patching of security holes helps mitigate the danger. But as semiconductors increasingly spread to homes, cars and factories through the Internet of Things, the risk is that a winner-takes-all chip industry effectively makes a few manufacturers' products too big to fail.
Researchers on January 3 revealed security flaws they said could let hackers steal sensitive information from nearly every modern computing device containing chips made by Intel, Advanced Micro Devices and ARM. One of the bugs is specific to Intel chips but another affects laptops, desktop computers, smartphones, tablets and internet servers. Intel and ARM said that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
The researchers - including Alphabet's Google Project Zero and other organisations including Cyberus Technology and Graz University of Technology - discovered two vulnerabilities. What they have called "Meltdown" breaks down the hardware barrier between a user's applications and operating system, potentially allowing hackers to access the memory and therefore secrets like passwords of other programs and the operating system. It affects Intel chips, but software patches are available.
"Spectre" breaks the isolation between different applications, allowing an attacker to trick otherwise error-free programs into leaking secret information. It affects chips from Intel, AMD and ARM and is harder to protect against. The flaws were first reported by tech publication The Register, which also reported that updates to fix the problems could causes Intel chips to operate 5 percent to 30 percent more slowly. Intel denied that the patches would bog down computers based on Intel chips.