Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Yuri Samoilov | Flickr
  • Connectivity

    At Least Three Billion Computer Chips Have the Spectre Security Hole

    Companies are rushing out software fixes for Chipmageddon.

    Tech companies are still working overtime on patching two critical vulnerabilities in computer chips that were revealed this week. The flaws, dubbed “Meltdown” and “Spectre,” could let hackers get hold of passwords, encryption keys, and other sensitive information from a computer’s core memory via malicious apps running on devices.

    How many chips are affected? The number is something of a moving target. But from the information released so far by tech companies and estimates from chip industry analysts, it looks as if at least three billion chips in computers, tablets, and phones now in use are vulnerable to attack by Spectre, which is the more widespread of the two flaws.

    Apple says all its Mac and iOS products are affected, with the exception of the Apple watch. That’s a billion or so devices. Gadgets powered by Google’s Android operating system number more than two billion, the company said last year. Linley Gwennap of the Linley Group, which tracks the chip industry, thinks the security flaws could affect about 500 million of them.

    As practically all smartphones run on iOS and Android—sorry, BlackBerry holdouts—this pretty much covers the mobile-device landscape.

    Sign up for the Chain Letter
    Blockchains, cryptocurrencies, and why they matter.

    By signing up you agree to receive email newsletters and notifications from MIT Technology Review. You can unsubscribe at any time. View our Privacy Policy for more details.

    Next, there are PCs and servers. These are largely powered by chips from Intel, whose share price has been battered since news of the flaws emerged. Its chief U.S. competitor, AMD, which has been gaining ground on Intel, said in a blog post  that its chips are not vulnerable to Meltdown and there is a “near zero risk” from one variant of Spectre and zero risk from another.

    Still, if some level of threat from Spectre exists, AMD chips merit inclusion. Between them Intel and AMD account for over a billion PC and server chips. In addition, there are a host of smaller chipmakers such as IBM, which has said at least some of its chips are affected. This brings the total to around three billion processors, though this could change as more information emerges. 

    That doesn’t mean they all need to be replaced. Tech companies have been rushing out software fixes to deal with Meltdown, and while Spectre is harder to eliminate, some patches have been issued that reduce the risk it poses. Hope is growing among security researchers for a software fix that removes the threat altogether. The good news is that Spectre is really hard to exploit—which doesn’t mean hackers won’t try.

    Mark Weatherford, a former senior official at the Department of Homeland Security who’s now at cybersecurity firm vArmour, says companies may still choose to replace hardware in particularly sensitive areas; in most others, they’ll need to apply patches swiftly and take other basic security measures.

     As for consumers: if your computer or phone offers you an operating system upgrade, take it immediately.

    Keep up with the latest in cybersecurity at EmTech MIT.
    Discover where tech, business, and culture converge.

    September 11-14, 2018
    MIT Media Lab

    Register now
    More from Connectivity

    What it means to be constantly connected with each other and vast sources of information.

    Want more award-winning journalism? Subscribe and become an Insider.
    • Insider Plus {! insider.prices.plus !}* Best Value

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      Print + Digital Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

      Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

      10% Discount to MIT Technology Review events and MIT Press

      Ad-free website experience

    • Insider Basic {! insider.prices.basic !}*

      {! insider.display.menuOptionsLabel !}

      Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      Print Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

    • Insider Online Only {! insider.prices.online !}*

      {! insider.display.menuOptionsLabel !}

      Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

    /3
    You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.