Intel unsettled as Spectre and Meltdown fiasco chips its credibility
Chipmaker bears brunt of reputational damage from hardware vulnerabilities
If Intel’s business is significantly hampered by the chip flaw debacle, there may be unease in Ireland, where it employs about 5,000 people at its sites in Leixlip and Shannon. Photograph: Thomas White/Reuters
“Bad news isn’t wine. It doesn’t improve with age.” Intel bosses may wish they had kept that in mind when the tech giant was formulating its response to the recent revelations that there were major security flaws in its microprocessor chips.
The discovery that the Spectre and Meltdown vulnerabilities could potentially give hackers access to information that would have been considered secure has rocked the industry and its faith in hardware security. The companies knew about the problem from June and July last year, when it was discovered by researchers; the public were alerted to the issue only because the news was about to leak, before researchers and chip firms had devised a fix to solve the problem. It was revealed last week that Intel had informed some companies - including Chinese firms - before it told the US government, which has caused consternation in some circles.
Add to that a badly-timed sale of shares by Intel chief executive Brian Krzanich – executed under an automatic trading plan – and the company crawled out of the whole issue a little bit bruised and battered.
On the face of it, it was a devastating blow to Intel and its brand. But Intel wasn’t on its own with the bad news. While Meltdown affected Intel chips, Spectre impacted almost every modern computing device, with Intel, AMD and ARM Holdings chips all vulnerable as a result. Independent researcher Paul Kocher, who was among those who first identified the problem, blamed the industry. “These issues really ought to have been found by people inside of the processor companies,” he said.
It must rankle among the chipmaker’s executives that the company has borne the brunt of the security scare, at least in the public’s perception.
Some were quicker to respond than others. AMD said the risk to its devices was “near zero”.
Apple took a couple of days to formulate its response to the crisis before announcing that all its devices – bar the Apple Watch – were affected, but even that couldn’t shake the perception that was an Intel problem.
Impact on shares
The impact on its shares was swift. From trading at €46.85 on January 2nd, the day before Intel confirmed the flaw, the stock slumped to €42.50 on January 10th. The recovery has been gradual, but after Intel released its fourth quarter results, shares gained to reach dot-com boom era levels and breached the €50 mark.
The results did not reveal the impact of Spectre and Meltdown on the company’s bottom line. That particular shock wave will be felt only further down the line, as consumers come to replace their machines and are faced with the choice of opting for an Intel-powered machine or one of its rivals. However, Intel executives didn’t seem overly concerned by the issue when discussing the flaws.
If that is how things play out, that’s good news for us. If Intel’s business is significantly hampered by the chip flaw debacle, there may be unease in Ireland. Intel is one of the largest single employers in the State, with about 5,000 employees at its various sites in Leixlip and Shannon. Any retrenchment on that would undoubtedly have a negative impact on the business here. That is before you take into account the impact on local economies around Intel’s business.
What exactly does Intel do here? It developed the the Galileo board and Quark chip, which are designed for Internet of Things applications, and also manufactures 14-nanometre (nm) chips at its Fab 24 facility. The shift to 14nm came in recent years after the company invested in its Leixlip facility over three years to 2014, in anticipation of beginning 14nm production by the end of that year.
Intel initially downplayed the potential effect on performance that the patch would have, saying most people would barely notice the difference
Among the chips that use Intel’s 14nm process are Broadwell, Skylake and Kaby Lake.
Intel may not be solely culpable, but as one of the most well-known brands in the chip industry, it needed to get its message right. Instead, consumers were fed confusing news and the major players in the industry failed to agree on key points on the issue, mainly around repercussions to the fix for the flaws.
Intel initially downplayed the potential effect on performance that the patch would have, saying most people would barely notice the difference. Microsoft, on the other hand, said there may be significant effects on performance. Linux creator Linus Torvalds was scathing in his response. An email conversation between him and an Amazon engineer saw Torvalds describe Intel’s fix as “complete garbage”.
Intel has since given some concrete figures on what to expect. In data centres, for example, running website servers saw a 2 per cent slowdown after the patches were installed. Online transactions at a stock brokerage showed a 4 per cent slowdown, while in the case of work involving servers that store large amounts of data and need quick retrieval, the slowdown could be between 18 per cent and 25 per cent.
But then the problems started. The patch that was rolled out to fix the majority of the computer chips produced by Intel in the past five years started causing problems in systems running the older Broadwell and Haswell chips. Last week the problem got a little worse. Intel said computers in data centres with its newer chips – Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake – were also affected, and would reboot more often than normal.
It was a case of “lots done, lots more to do” for the company, which is now faced with patching the patch. Customers affected by the buggy updates should get the new software this week, according to Navin Shenoy, general manager of Intel’s data-centre group.
“We have reproduced these issues internally and are making progress toward identifying the root cause,” Shenoy wrote in a post on Intel’s website.
Meanwhile, Microsoft has already issues an update for Windows 7, 8.1 and 10 that disables the buggy patch for Spectre variant 2.
Irish companies are already feeling the impact of the problem, said security consultant Brian Honan.
“It has made people realise that managing security across many complex systems isn’t an easy task,” he said. His company has already had a number of queries from clients about rolling out the patches, some of who have previously had difficulty deploying such updates.
Intel was left looking like it had tried to cover up the problem, and once that came out, the company’s attempts to rectify the problem seemed like one misstep after another
This time though, it’s slightly different. Companies are used to dealing with software issues, but the current flaws are hardware-based.
“The focus has always been the software because it’s accessible and more widespread. Traditionally, to hack and take advantage of vulnerabilities in hardware you need local and physical access to the device,” Honan said.
Speaking at the release of its fourth quarter resukts, Intel said it sees no “meaningful impact” on corporate earnings from the vulnerabilities. So far, so positive, but the company still noted in the release that there may be some impact from the flaws.
Intel may be counting on a short memory and forgiving nature when it comes to sales of its chips. And it may well have cause to do so – after all, how many consumers remember the Pentium flaw of 1994?
At the time, it was billed as a case study in how not to handle a crisis; jokes abounded that the Pentium sticker was actually a warning label. A flaw in the chip wasn’t revealed to consumers until a US maths professor discovered it and began to publicise it. Intel was left looking like it had tried to cover up the problem, and once that came out, the company’s attempts to rectify the problem seemed like one misstep after another.
Intel shook off the negative publicity. In the intervening years, the company has gone from being the king of the chipmakers to the company that missed out on the mobile boom. PC sales have fallen in the intervening years and Intel has been eyeing new markets, including the Internet of Things, which typically has a lower price point than the desktop and laptop market. The “Intel Inside” brand, in these devices, may not be as much of a pulling point as it was previously.
The latest results showed Intel’s PC group revenue hit $9 billion for the quarter, a 2 per cent decline from the year before, but rose 3 per cent for the year to $34 billion.
Intel also saw strong growth in two small non-PC businesses that it hopes to expand in the future. Its so-called internet of things business, which focuses on connecting street lights and industrial machines to the web, expanded 21 percent to $879 million for the quarter.
More than 40 per cent of Intel’s business is in server chips, a higher margin market that is potentially a little more measured in its assessment of news than the consumer sector. According to its latest set of results, that business is healthy, with revenue from the business jumping about 20 per cent.
But the company is facing competition in that market from AMD, and while the brand damage from the Spectre and Meltdown incident may not be as severe in this market, the addition of new competition may mean Intel lose some of its market share.
Patrick Moorhead, an analyst at Moor Insights & Strategy, views AMD’s Epyc chips as a serious competitor that will take market share this year – though he considered the chip vulnerability unlikely to be a factor in customers’ buying decisions.
Intel will most likely weather the storm. But going forward, perhaps Krzanich should keep another famous quote in mind, from billionaire businessman Warren Buffett. “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” – Additional reporting: Financial Times, Reuters