Executive Briefings

'It Can’t Be True': Inside the Semiconductor Industry’s Meltdown

It was late November and former Intel Corp. engineer Thomas Prescher was enjoying beers and burgers with friends in Dresden, Germany, when the conversation turned, ominously, to semiconductors.

‘It Can’t Be True:’ Inside the Semiconductor Industry’s Meltdown

Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice. At 2 a.m., a breakthrough: he’d strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.

“My immediate reaction was, ‘It can’t be true, it can’t be true,’” Prescher said.

Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys. The biggest technology companies, including Microsoft Corp., Apple Inc., Google and Amazon.com Inc. are rushing out fixes for PCs, smartphones and the servers that power the internet, and some have warned that their solutions may dent performance in some cases.

Prescher was one of at least 10 researchers and engineers working around the globe — sometimes independently, sometimes together — who uncovered Meltdown and Spectre. Interviews with several of these experts reveal a chip industry that, while talking up efforts to secure computers, failed to spot that a common feature of their products had made machines so vulnerable.

Read Full Article

Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice. At 2 a.m., a breakthrough: he’d strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.

“My immediate reaction was, ‘It can’t be true, it can’t be true,’” Prescher said.

Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys. The biggest technology companies, including Microsoft Corp., Apple Inc., Google and Amazon.com Inc. are rushing out fixes for PCs, smartphones and the servers that power the internet, and some have warned that their solutions may dent performance in some cases.

Prescher was one of at least 10 researchers and engineers working around the globe — sometimes independently, sometimes together — who uncovered Meltdown and Spectre. Interviews with several of these experts reveal a chip industry that, while talking up efforts to secure computers, failed to spot that a common feature of their products had made machines so vulnerable.

Read Full Article

‘It Can’t Be True:’ Inside the Semiconductor Industry’s Meltdown