Skip to Content
Computing

Intel’s “Foreshadow” flaws are the latest sign of the chipocalypse

August 15, 2018

The vulnerabilities could allow hackers to gain access to sensitive data in a computer’s memory

The bad news: According to a report in ZDNet, the flaws, which Intel calls “L1 Terminal Fault” and researchers have grouped under the moniker “Foreshadow,” are similar in nature to the Spectre and Meltdown security holes that were uncovered earlier this year in billions of chips from both Intel and AMD. AMD says its products aren’t vulnerable to the Foreshadow flaws, so this time it’s only Intel’s central processing unit chips that appear to be affected.
 
The downside: Foreshadow could let hackers mount “side channel” attacks that give them access to the portion of a chip’s core memory that holds things like passwords and encryption keys. Machines running in the computing cloud and handling workloads for lots of different customers could be particularly vulnerable to such attacks.
 
The (slightly) better news: The researchers who found the security holes gave Intel a heads-up months ago, so it has had time to prepare software patches to minimize the risk. With both Spectre and Meltdown, Intel had to scramble to take corrective action. Cloud computing vendors like Microsoft and Amazon have also been issuing notices about steps they’ve taken to minimize the threat Foreshadow poses to customers.
 
A lingering risk: Because Foreshadow, Spectre, and Meltdown are all hardware-based flaws, there’s no guaranteed fix short of swapping out the chips. But security experts say the weaknesses are incredibly hard to exploit and that there’s no evidence so far to suggest this year’s chipocalypse has led to a hacking spree. Still, if your computer offers you an urgent software upgrade, be sure to take it immediately.

Deep Dive

Computing

Erik Prince wants to sell you a “secure” smartphone that’s too good to be true

MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver.

Corruption is sending shock waves through China’s chipmaking industry

The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.

Inside the software that will become the next battle front in US-China chip war

The US has moved to restrict export of EDA software. What is it, and how will the move affect China?

Hackers linked to China have been targeting human rights groups for years

In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.