Meltdown and Spectre, recently discovered chip design flaws that could affect nearly every computer and device made in the past 20 years, have the potential to slow down the technology cycle and impact technology innovation and monetization extensively.
In January, Intel Corp. acknowledged that it had been made aware of an issue with its chips, which had the potential to improperly gather sensitive data from computing devices. Intel noted that many types of devices "with many different vendors' processors and operating systems" were susceptible. Specifically, the flaws, discovered by academic and industry researchers from several countries, make it possible for critical information stored deep inside computer systems to be exposed.
The financial implications of the flaws are vast and may be incalculable, especially since it may significantly slow down chip design and manufacturing going forward, according to George Edwards, a computer scientist and consultant with Quandary Peak Research.
"Certainly when a major event like this occurs there is an internal investigation into how this slipped through the cracks, so to speak, and as a result of that ... it's entirely possible that new and different processes are put in place to try to mitigate that risk," Edwards, who is also a professor at the University of Southern California, said in an interview.
While Intel and many software vendors have issued workaround patches for the vulnerabilities, those tend to reduce processing speeds by as much as 30%, security experts and researchers said. In addition, since the software patches are maneuvering around the fundamental processes of the hardware, they could have unforeseen consequences beyond just slowness that could result in more financial and technical fallout, said Will Dormann, vulnerability analyst with Carnegie Mellon's Software Engineering Institute, which provides cybersecurity research and consulting with the U.S. Department of Defense.
"You're changing something very core to how an operating system works," Dormann said in an interview, adding that he hopes the issue has processor developers "thinking a little bit harder about security impacts."
The data center business will likely be one of the most financially impacted by Meltdown and Spectre. Companies such as Amazon.com Inc. Alphabet Inc. and Microsoft Corp. use massive networks of servers to host their cloud computing offerings, which represent a significant cross section of the consumer and business communities. Often cloud service providers charge clients on a processing-time function, so servers running patches that significantly slow down server operations could translate to significantly increased costs to consumers.
"It's definitely going to break the product cycle for all of those companies," Tony Cole, global government chief technology officer at cybersecurity services provider FireEye, said of the chip manufacturers. "Across the board we may see a higher cost to enterprises utilizing cloud services."
Replacing the hardware might be the only way to truly fix the vulnerabilities. But replacement will be a daunting task given the vast majority of microprocessors are from Intel, SoftBank Group Corp.'s ARM Holdings and Advanced Micro Devices Inc. The three companies account for almost the entire processor market, and there are more than 8 billion connected computing devices worldwide.
Even as the manufacturers scramble to replace the faulty processors with new designs, new hardware could take several years to permeate the market. Intel, ARM and AMD will also have to redesign chips along different stages of their design and manufacture chain.
Intel recently announced that new chips will be released in the second half of the year to address the design flaws. This means the new chips will be available well over a year after Intel learned of the issue and more than six months after it publicly addressed the issue.
Companies like Apple Inc., which said all of its Mac and iOS devices are impacted by the flaws, assured users that there has been no evidence of a breach leveraging these vulnerabilities. That said, a few cybersecurity experts have argued breaches caused by Meltdown and Spectre may be impossible to detect given the amount of control a hacker could have in covering their steps.
There have been hardware flaws and breaches in the past, such as recent vulnerabilities in baby monitors and a 2015 vulnerability in a number of home and office routers. However, none has represented such a widespread and fundamental issue, affecting devices and servers across manufacturers.