Intel will block Spectre attacks with new chips this year

Cascade Lake processors for servers, coming this year, will fight back against a new class of vulnerabilities, says CEO Brian Krzanich.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
2 min read
The Spectre vulnerability in several processors can let an attacker snoop on sensitive data like passwords and encryption keys.

The Spectre vulnerability in some processors can let an attacker snoop on sensitive data like passwords and encryption keys. 

Natascha Eibl

Intel will release server processors this year with hardware features designed to block attacks that use serious new Spectre vulnerabilities, Chief Executive Brian Krzanich said Thursday.

The Spectre "side channel" attacks lets one software process snoop on another, gathering sensitive data like passwords or encryption keys. The industry has been scrambling to issue software patches to operating systems and web browsers to thwart such attacks, but Intel now has detailed plans to block them with the chips themselves.

The fix will come later this year in the company's latest generation of Xeon server chips, called Cascade Lake and built for servers found by the thousands in data centers run by companies like Google , Amazon and Microsoft . The Spectre-snooping possibility is a particular problem for them since a server in cloud-computing services often handles jobs from different customers simultaneously.

Intel's fix uses a partitioning technology that effectively puts walls around different applications to block snooping, Intel said.

In the meantime, Intel has made progress on setting things right with existing chips.

"We have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google," Krzanich said in a statement.

These are important steps in Intel's effort to get itself out of the Spectre hole. The company's stock price was punished when security researchers at Google and other firms revealed Spectre and a conceptually related attack called Meltdown. Adding insult to injury, some Intel software updates caused unexpected reboots.

But it's still just a step. Intel also plans to bring the update to a new version of its current Kaby Lake Xeon processors this year, but it's not yet clear when PC processors will get the fix. The fix will address the two variants of Spectre, but Intel is relying on software updates to block Meltdown attacks.

A big problem with patching the Spectre and Meltdown vulnerabilities is that the fixes curtailed acceleration features built into the software. Nobody wants a slower computer.

Addressing the problem in hardware has the potential to fix things without as much of a performance penalty. However, it wasn't immediately clear what effect the hardware fix will have on performance.

Intel wasn't alone in suffering from Spectre. It affects other chipmakers, too, including those building chips for PCs, phones and other devices.

Krzanich on Thursday also offered a reminder that security fixes go only so far if users don't do their part.

"I encourage everyone to make sure they are always keeping their systems up-to-date," he said. "It's one of the easiest ways to stay protected."

Originally published March 15 at 7:00 a.m. PT.
Updated at 7:25 a.m. PT: Added statements from Intel's CEO.

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.