It’s 2018. Technology is everywhere. More people trust the cloud with their lives now than ever before. Gmail. Youtube. iCloud. Dropbox. I’m sure you’ve used one of these platforms, and if you’re like most of us, they contain your digital life. Internet-connected computers power everything from airports, power plants, to of course cloud applications.
Imagine hackers reading your emails, stealing your passwords, and accessing critical components of our infrastructure. These are all very real possibilities our society faces by placing these things on the internet. Sure, we expect the big guys to keep our information safe, but why not target the chips that power them? Intel has been quoted having 99.2% of the entire server market, which makes it a great platform for governments, malicious hackers, and security researchers to look at. Find one major flaw, and you would have essentially the equivalent of total world domination.
This is why bugs like the latest x86 architecture flaw are so concerning. A chip design flaw of the century, appropriately dubbed “Meltdown” and “Spectre”. If you haven’t heard of this, I recommend you check out the arstechnica article on it, but the bottom line is that nearly every modern CPU is vulnerable to an exploit that allows apps to break out of it’s designated memory space, granting it much more power into other components of the system. Sure, your home PC or your laptop is vulnerable, but why would you be the target of such an attack? The real money lies in our cloud platforms.
This is why I’d like us to be mindful that nothing is perfect, and to reconsider our fixation on connecting everything to the internet. You don’t need smart toasters, or behavior tracking wearables. And just because a product is “secure” today, doesn’t mean an attack won’t surface tomorrow. We are already completely at the mercy of cloud companies, do we really want to put more of our lives on the line (pun intended)?
PS: If Meltdown isn’t scary enough, almost every Intel chipset comes with its own operating system, the Intel Management Engine (IME). The IME requires full network access, runs it’s own web server, and is even on when your computer is turned off by design. In addition to this, it is impossible to boot a computer with the IME disabled. It’s no wonder companies like Google are actively trying to kill it off.