Categories
Latest
Popular

Arm Holdings CEO Warns of More Bad Flaws in the Future

Image Source: Pixabay

Image Source: Pixabay

This month it was discovered that Intel processor chips held a fatal security flaw going back decades. The discovery of the flaw led to the creation of two security exploits: Meltdown and Spectre. The security flaw leaves all currently used PCs and any phone using affected chips vulnerable to attacks. During CES 2018 in Las Vegas, CNET interviews Arm Holdings CEO, Simon Segars, about the security flaw. Arm Holdings company based in the UK that manufactures most of the mobile processors currently used today.

Flawed Chips

Image Source: Pixabay

Image Source: Pixabay

Arm Holdings’ processor designs are the basis for most of the current mobile processors. Companies using their designs include Samsung and Apple. Arm Holdings is owned by SoftBank, a Japanese telecommunication company. Segar admits that, of the 120 billion chips sold worldwide, as much as 5% might be affected. That’s 6 billion chips, many of which are used by Apple for their iOS phones and gadgets and their MACs, vulnerable to attacks. Some of these chips are even used by Qualcomm, who made a statement regarding the problem and said they’re working with Arm to assess how big the problem really and if they can develop a fix for the said problem.

Qualcomm said in the statement that they are incorporating and deploying mitigations actively against their impacted products’ vulnerabilities, and that they continue to work in strengthening them. According to Segars, there’s another Arm chip that’s also might be affected by Meltdown instead, rather than Spectre, but he did not specify which chip that is.

Apple Confirms Vulnerability

Meanwhile, Apple has indeed confirmed that their devices were affected by the chip security flaw, saying that the impact targets all their devices. They have already made a fix for one of the vulnerabilities. The only exception to the rule is Apple’s wearables, which are not affected by any of the two. They also said that currently there aren’t any known exploits that use the two vulnerabilities.

It is written in Apple’s support page that they continue developing and testing further mitigations on these issues and these will be release in upcoming updates of iOS, tvOS,MacOS, and watchOS.”

Chip Vulnerabilities and Exploits

Image Source: Pixabay

Image Source: Pixabay

It was last week when these security flaws have come to light. At first, the major news was that Intel and other chip manufacturers have been hiding a known security flaw for years that existed in all their chips and from the point of its discovery until 2018 they have been continuously and knowingly been selling flawed chips. They also claimed that they did it so that hackers won’t find out. Interestingly it worked: hackers never found out and there is no exploit using Spectre and Meltdown exists as of this time. However to continue selling people flawed chips while seem to neglect to find a way to fix it, is damning.

AMD is the only one not affected by any of the vulnerabilities due to it having a different architecture, despite Intel’s claim that the problem lies with the design of all modern chips.

Then came the problem with the fix, which claims to fix the issue but will most likely reduce a computer’s performance by as much as 30%. This is a big blow for those whose business demands that they run computers at almost 100% performance such as data centers. It also impacts gamers whose gaming rigs were meant to always be fast and a 30% reduction in the performance of their rigs they built seems pretty disappointing.

Conclusion

Segars claim that the design that enabled this in the first place won’t be changed for a while, claiming that the speed boost to chip performance is too significant to ignore, meaning that chip manufacturers will most likely be choosing speed over security.

He said that what people will see is the end system being a combination of hardware and software. How it is written and tested will all evolve in making sure that the risks of using such approach will be well understood.