"Chip vulnerabilities" comparable to the "millennium bug": high risk and wide impact. How can they be solved successfully?

in technology •  7 years ago 

Just after the New Year, a chip vulnerability affecting almost the entire IT industry came to light, just as people had relaxed.

According to media reports at home and abroad, the sequence of events was as follows:

In 2017, Google's Project Zero team discovered chip-level vulnerabilities caused by CPU speculative execution: "Spectre" (Variant 1 and Variant 2: CVE-2017-5753 and CVE-2017-5715) and "Meltdown" (Variant 3: CVE-2017-5754). All three vulnerabilities stem from inherent architectural flaws that allow non-privileged users to access system memory and read sensitive information.

On June 1, 2017, a member of the Project Zero security team told Intel and other chip makers about the vulnerabilities. On January 2, 2018, an article in the technology publication The Register exposed these CPU vulnerabilities. The chip security problem became public, plunging Intel into a sudden crisis and causing its share price to fall.

The disclosure drew widespread media and industry attention. It not only threw Intel, which holds an absolute advantage in CPU market share, into a whirlpool of public opinion, but also raised general concern about security. People could not help asking: if the chip vulnerabilities were discovered long ago, why were they only announced now? Was Intel trying to hide them?

Delayed disclosure bought time to prepare a response

According to media reports, most processors mass-produced since 1995 are likely to be affected by these vulnerabilities, which involve most common operating systems.

Intel is the main vendor affected, but most mainstream processors, including chips from ARM, Qualcomm and AMD, are also affected, as are IBM POWER processors. Mainstream operating systems such as Windows, Linux, macOS and Android, and the computers, tablets, mobile phones, cloud servers and other devices that use these chips, are affected by the vulnerabilities.

This is a major vulnerability incident that crosses vendors, borders, architectures and operating systems, and it has swept almost the entire IT industry.

According to a report in the Wall Street Journal, the Project Zero security team teamed up with Intel and other chip makers on June 1, 2017. Over the following seven months, Intel worked with other major chip vendors, customers and partners, including Apple, Google, Amazon and Microsoft, to step up efforts to resolve the issue, and a consortium of large technology companies worked together on research and on preparing plans.

According to sources, the alliance members reached a confidentiality agreement to delay disclosure while they developed solutions, so that everything would be "ready" when the vulnerabilities were published. The sources also said that disclosure was originally planned for January 9, but The Register's exposure of the chip vulnerabilities on January 2 led Intel and the other companies to make their announcements ahead of schedule.

On January 3, the day after the chip vulnerabilities were exposed, Intel released its latest security research and product announcements, and published the list of affected processors.

On January 4, Intel announced that it and its industry partners had made significant progress in deploying software patches and firmware updates. Intel has released updates for the majority of processor products introduced in the past five years, and expects to cover more than 90% of processor products introduced in the past five years by this weekend.

Subsequently, Microsoft, Google and other large technology companies issued their responses to the vulnerabilities, saying they are updating or have already updated their products and services.

Microsoft released a security update to protect user devices that use chips from Intel and other companies. Apple confirmed that all Mac and iOS devices were affected by the vulnerabilities but has released a defensive patch. Google said it has updated most of its systems and products and added protection against attacks. Qualcomm said it is developing security updates for products affected by the recent chip-level security vulnerabilities.

Some network security experts believe that, although the vulnerabilities have a wide impact, ordinary users need not panic too much; those most affected are cloud service providers. Most cloud service providers have also announced response plans and timetables.

Alibaba Cloud: will update its underlying virtualization layer by hot upgrade at 1:00 on January 12.
Tencent Cloud: will repair its hardware and virtualization platforms on the back end using hot upgrade technology from 01:00 to 05:00 on January 10. For the very small number of servers that do not support hot upgrade, the Tencent Cloud security team will send separate notifications.
Baidu Cloud: will fix the issue at both the virtual machine and physical machine levels, with a hot-fix upgrade at 00:00 on January 12, 2018.
Huawei Cloud: is analyzing the vulnerabilities and following the patches released for mainstream operating systems.
AWS: new servers have the patch by default.

AI Business believes it is fortunate that the vulnerabilities were not announced as soon as they were discovered; otherwise they would have caused greater security concerns or panic. Because the announcement was delayed until now, Intel, Microsoft and other major manufacturers were well prepared and have issued patches and updates.

Chip vulnerabilities are comparable to the "millennium bug": we need to act "together"


Throughout the history of IT, software or design flaws that come to light as technology evolves have been an unavoidable phenomenon. Technology keeps developing and so do hacking techniques, so vulnerabilities that nobody noticed for many years may be found many years later. "Believe it or not, the loophole may be there, but no one can yet find it."

Once a vulnerability is found, only an active response and fix can avoid losses and head off problems before they occur.

The chip is the "heart" and core of the entire information system. The difficulty of resolving a chip-level, unprecedented, wide-ranging and high-severity vulnerability like this one can be imagined!

This is not something the chip leader Intel can solve alone. Not only Intel, but also ARM, AMD and other chip makers should respond actively. Moreover, judging from the information released by Intel, Microsoft and other vendors, the vulnerabilities still cannot be completely fixed. Fortunately, no actual compromise has been reported so far, and every company has said it has found no evidence of attacks using these vulnerabilities.

AI Commercial believes that this chip vulnerability incident is comparable to the "millennium bug" of its day, and that it has become a "one loses, all lose" event for the entire industry. Solving it requires close cooperation across the entire industrial chain. If it is resolved well, everyone is safe; if a security incident occurs, the damage falls not only on Intel or any single manufacturer but on the entire industry.

This cannot help but remind us of how the whole industry "collectively" tackled the "millennium bug".

"Y2K" is a bug in how programs process dates. Because years were represented with only two decimal digits, erroneous results can occur when a system performs date calculations that cross the century boundary, causing various system malfunctions and even crashes.

In the late 1990s, the Y2K problem was discussed extensively by many experts. It was feared it could trigger problems such as aircraft collisions, ships straying off course and stock exchange crashes. If errors occurred, the consequences would be disastrous.

That the millennium bug passed basically without incident is inseparable from the attention and vigorous remediation work of governments and the entire industry. The overwhelming media publicity certainly deserves credit too. Even so, a few less developed countries either did not pay enough attention or lacked sufficient funds and technology, which led to millennium bug failures and the paralysis of some government agencies and power system operations.

Therefore, AI Commercial believes that the relevant manufacturers, users and government departments should bring the attitude they took toward the "millennium bug" to the current situation, respond actively and take preventive measures.

First, closely follow the latest developments on the vulnerabilities and assess their impact promptly. Second, keep track of the patches issued by chip manufacturers, operating system vendors and security vendors, draw up a remediation plan, and install updates promptly.
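
One way to carry out the assessment step on Linux hosts, as an added example that is not part of the original article: it reads the kernel's per-vulnerability status files under /sys/devices/system/cpu/vulnerabilities and lists which of the three CVEs named above are not reported as mitigated. The SAMPLE values are constructed and the function names are this example's own.

```python
from pathlib import Path

# CVEs named in the article -> Linux sysfs file that reports each one.
SYSFS_FILES = {
    "CVE-2017-5753": "spectre_v1",  # Spectre, Variant 1
    "CVE-2017-5715": "spectre_v2",  # Spectre, Variant 2
    "CVE-2017-5754": "meltdown",    # Meltdown, Variant 3
}
DEFAULT_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample status lines, in the format the kernel uses.
SAMPLE = {
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Mitigation: Full generic retpoline",
    "meltdown": "Mitigation: PTI",
}

def read_status(vuln_dir=DEFAULT_DIR):
    """Raw status line per sysfs file; None when the kernel has no such file."""
    out = {}
    for name in SYSFS_FILES.values():
        try:
            out[name] = (Path(vuln_dir) / name).read_text().strip()
        except OSError:
            out[name] = None  # kernel predates the interface, or not Linux
    return out

def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    if status is None:
        return "unknown"
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if status.startswith(prefix):
            return state
    return "unknown"

def assess(statuses):
    """Return {CVE: state} for the three CVEs."""
    return {cve: classify(statuses.get(name)) for cve, name in SYSFS_FILES.items()}

def needs_action(report):
    """CVEs not confirmed as mitigated or not affected, sorted."""
    return sorted(c for c, s in report.items() if s in ("vulnerable", "unknown"))

if __name__ == "__main__":
    for label, statuses in (("sample", SAMPLE), ("this host", read_status())):
        report = assess(statuses)
        print(label, report, "follow up:", needs_action(report) or "none")
```

An "unknown" result means the kernel does not expose the status file at all, which should be treated as unpatched until shown otherwise.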

We believe that as long as we make concerted efforts and respond positively, the issue of chip loopholes will eventually become "a false alarm."

[Editor: Yu Lei PT032]


The @OriginalWorks bot has determined this post by @mzee to be original material and upvoted it!
