Intel bug: 'Spectre' security flaw is so fundamental that it will require every computer to be re-designed

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A huge bug found in the fundamental architecture of computers could require them to be entirely re-designed.

The new security flaw could allow attackers into the most sensitive parts of a computer, and the information contained in it. And fixing it might mean re-designing the chips that power them almost from the beginning, researchers have warned.

The bug – which is actually two separate vulnerabilities – was found by Google researchers who say that the problem affects some of the most fundamental parts of how computers work. And it is contained within just about every modern device.

One of the problems, called Meltdown, is already fixed in many computers. That patch comes with its own problems: it can slow down the systems by as much as 30 per cent.

But perhaps more dramatic is the Spectre vulnerability, for which there is no easy fix. Instead, the issue arises with the very foundations of the chips, meaning that they won't be fixed until computers are re-designed and replaced, according to security experts.

It is so fundamental that it affects almost every computer – including phones and other devices – made in the last 20 years. And it appears to exploit the very design of those chips, meaning that it affects products made not just by Intel, as initially reported, but a range of other technology too.

It is not even clear how the re-design could actually happen to remove Spectre, according to researchers, since there's no known fix for the problem. That means that companies like Intel who have been hit by the bug might not be able to solve it immediately.

It could take many years for computers and chips to include fixes for the Spectre issue, and for the industry to recover.

But there also isn't any known exploit of it, either. The precise details of the problem are still being kept secret to avoid them being used by malicious attackers, meaning that it's hard to know just how widespread or easy they are to use.

Much of the work to find a fix to both Spectre and Meltdown is already thought to be happening. Though the flaw was only just revealed, security researchers have been secretly working to patch it for months – meaning that most consumer systems have actually already received patches for Meltdown.

Intel's statement and those of other chip manufacturers didn't address the problem of Spectre, and the re-designs that could be required. Its long press release only made reference to installing updates, which would presumably only fix the issues with Meltdown.

"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available," Intel said. "Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

"Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers."