With the constant acceleration of the pace of informatization and technology, information security has become one of the topics that consumers are focusing on. On January 3, the exposure of the Intel chip vulnerability incident made the information security issue a global focus again. It is understood that this incident has affected almost all of the world's computers, mobile phones, servers and cloud computing products. Up to now, large enterprises such as Qualcomm, AMD, ARM, and Apple have made corresponding responses and preventive measures on this matter.
The truth of the incident: How serious is it?
According to reports, there are two vulnerabilities disclosed in Intel chips. They are named Meltdown and Spectre. The former allows low-privilege, user-level applications to “cross the border†to access system-level memory. You can fool the security checker so that the application can access any location in memory. This seems to mean that the memory is almost completely exposed to the public, including data, passwords, and various cache files. If some hackers and malicious software want to spy on the data, it is almost effortless.
In fact, it is not the first time that the chip of Intel is flawed. Just last March, security organizations had exposed security flaws in Intel chips. Afterwards, Intel said that the BUG mainly exists in Intel's active management technology software. It applies to vPro vPro technology processors, affecting a total of 38 products. No other anomalies were found after the patch was updated.
In the chip vulnerability incident, Intel will undoubtedly become the target of public criticism, but Intel is extremely smart and directly distracts the consumers' attention with the “wresting pot†approach. It concealed that the CPU security vulnerabilities are not unique to its chips, suggesting that other chip manufacturers such as ARM, AMD and other related manufacturers may have such vulnerabilities in their chips. The implication is obvious.
As the world's largest manufacturer of personal computer parts and CPUs, Intel has been deeply cultivating for many years in the CPU manufacturing field. Its position is very stable and it seems that there is no need to "fight the pot"! So why did Intel do this? The main reason is that this chip vulnerability is not easy to solve. It is far from the level of software repair that can eliminate hidden dangers. It may be necessary to reconfigure the Linux kernel and Windows kernel to solve the problem. To see the situation.
As of now, according to industry insiders, operating systems such as Microsoft Windows, Apple's macOS, and Linux have all been affected to varying degrees. In addition, servers such as Amazon, Google, and Microsoft have also been affected. At the same time, according to test results, some of the ARM Cortex A series of cores have also been affected, which also indirectly affected some of the mobile phone processors, such as Apple iPhoneA8, A9 and Huawei Unicorn 970 processor (Huawei Kirin970 is using CortexA72 kernel).
Multiple corporate survey responses
Since the disclosure of Google’s chip breaches by Google, AMD, ARM, Qualcomm, Microsoft, and Apple have investigated whether their products have been affected, and they are rushing to develop patches that can fix these flaws. So how do these companies respond to this?
Intel said that it is not clear whether hackers have launched a cyber attack on this loophole. However, Intel has joined most of the computer manufacturers to solve this problem. At the same time, it has provided some patch updates and hopes that relevant consumers can take the initiative to update.
Shortly after Intel made a sound, Dell, Lenovo and Hewlett-Packard also responded. They said that some patches have been updated and have been released to the official website. At the same time, shortly after this incident occurred, AMD China officials also issued an announcement in Weibo. Among the announcements, AMD stated that there are mainly three types of attacks, but most of them are ineffective for AMD. In other words, the impact of this vulnerability has little impact on AMD, which also indirectly responds to Intel's previous doubts.
In response to this incident, Microsoft stated that after we realized the importance of this incident, we actively deployed mitigation measures. At present, we have not yet received any reports of customers being attacked. At the same time, we have also updated the relevant Windows system.
As a result of the discovery of this loophole, Google also issued a statement in the microblogging. The statement stated that Google actually discovered the loopholes as early as last year and provided relevant information to Intel, AMD, and others in June 2017. ARM. At the same time, Gu said that Chromecast and Chrome browsers have not been affected by this.
During the continuous fermentation of this incident, Apple also issued an announcement confirming that some of the products were affected by this chip vulnerability, and quickly introduced the iOS 11.2.2 and macOSHighSierra 10.13.2 (supplemented updates) system patches, in which iOS updates fixed Safari and WebKit's Spectre security flaw, macOS update also fixes the Spectre security vulnerability. At the same time, Apple stated that Apple Watch has been affected by this loophole.
How should consumers face this incident?
Although many companies have responded, the storm is far from settled. According to industry insiders, the risk of PCs being affected by this chip is much lower than that of cloud servers. Currently, the most available solutions in the market are mitigation solutions, which cannot fundamentally solve the problems. Although these mitigation measures can improve the security performance, they will also reduce the use efficiency of the CPU and increase the cost. This is not the result that the user wants to see.
Of course, for this incident, there are also some experts that the current major suppliers have provided corresponding mitigation measures, although reducing the risk of chip attacks, but it is only "a temporary solution." What they need to consider more is whether the next generation of products needs to be replaced with new architectures to fundamentally solve such problems.
Nowadays, chip vulnerability incidents are irritating and many netizens have questioned this. After patching, will the performance drop? Is it not worth the candle if the security problem solves the result and the CPU performance deteriorates? You know, although the existence of a chip vulnerability has the risk of being attacked, the probability is not too high! What's more, the data of most individual users is useless to hackers, but what if it is?
In this regard, some experts said that most personal computer users do not have to worry too much. As long as the patch is updated in a timely manner, the risk of being attacked can be reduced. The problem of this underlying flaw in the technology may not be solved until the emergence of a new generation of CPU products. This requires the accumulation of time.
Special equipment for university physics laboratory
Teaching Equipment,Optical Bench Kit,Optical Instruments In Physics,Electrooptical Modulator Experimental Instrument
Yuheng Optics Co., Ltd.(Changchun) , https://www.yuhengcoder.com