The Korea Herald

피터빈트

Intel’s flaws expose first cloud-based PyeongChang Olympics to hacking threats: expert

Samsung smartphones, IoT devices may not be safe from Meltdown and Spectre bugs

By Song Su-hyun

Published : Jan. 8, 2018 - 18:02

    • Link copied

The latest revelation by Google’s security team Project Zero about flaws in Intel’s central processor units exposes the upcoming PyeongChang 2018 Winter Games to new hacking threats, according to a South Korean expert on Monday.

Kim Seung-joo, an information security professor at Korea University, told The Korea Herald that it was urgent for the organizing committee of the PyeongChang Games to examine possible threats to the sports event that is being prepared as the world’s first cloud-based Olympics.

“Cloud services will be the most vulnerable to the Meltdown and Spectre bugs in CPUs designed by Intel since 1995, and the PyeongChang Olympics is exposed to the threats, because it is the first international event offering the cloud service,” Kim said.

On Wednesday the latest Google report revealed that Intel’s CPUs, which have been adopted by over 80 percent of PCs and laptops around the world, are vulnerable to a security flaw known as Meltdown and another known as Spectre, which affects other processors as well.

The professor said all data of past Olympics and the information of athletes are stored in a data center in the Netherlands, and will be transmitted via the cloud to PyeongChang during the upcoming event scheduled to take place Feb. 9-25 in Gangwon Province.

“Since the report on Intel’s CPU flaws was revealed a few days ago, the Olympic committee hasn’t yet been able to check out the possibility,” Kim said. 

(Yonhap) (Yonhap)

Kim is an adviser to the PyeongChang organization committee’s information and telecommunications control tower.

In response to the concerns, Oh Sang-jin, director general of information telecommunications at the committee, said the committee is taking “all available measures to secure the data” after the Intel scandal broke out.

“We are monitoring the Netherlands data center through document-based checkups, and working together with the Ministry of Science and ICT to use security patches, although they will not be 100 percent secure,” Oh said.

The PyeongChang Olympics’ cloud service will run based on a private cloud system that does not open all data to the public, he added.

Most CPUs used at the data center and cloud services are made by Intel, the official confirmed.

Olympic committee officials visited the Netherlands data center in April of 2016 and 2017 for on-site examinations.

KT, the official telecommunications partner for the games, has prepared its Internet Data Center in Mokdong, western Seoul, as an exclusive cloud server for the Olympics.

The company is also on alert to minimize security concerns following the Intel scandal.

According to Google’s report, Meltdown and Spectre can be exploited by hackers looking to steal data.

Kim explained that chipmakers, under pressure to enhance the computing power of the newest IT gadgets, improve the performance of existing CPUs through out-of-order executions or branch predictions.

“During the enhancement process, some premade results are discarded, but they are not perfectly removed, but being stored in cache memory, which can be the target of hackers through a method known as cache timing attack.”

Data related to the Olympics are no exception from the threat from hackers, as they only need one or two days to come up with new methods to attack Intel’s CPUs, he added.

Pundits also say that Intel’s business partners AMD and ARM, which provide architectures for mobile processors of premium smartphones like Samsung Electronics’ Galaxy series and Apple’s iPhones and iPad, may not be free from security concerns.

ARM, a UK-based intellectual property firm for mobile processors, provides chip architectures for over 90 percent of high-end smartphones worldwide.

For example, Samsung’s newest mobile processor Exynos 9810, which announced mass production Thursday, has four high-performance custom cores and four ARM Cortex-A55 cores.

It also uses ARM’s DynamIQ tech, launched last year as an improvement to the former big.LITTLE, which showcased a major upgrade in the CPU for seamless multitasking.

Speaking to the media for the first time since the security flaws were exposed, ARM told The Korea Herald by email Monday that it was not an “architectural flaw.”

“We can confirm that (ARM has) been working together with Intel and AMD to address a side-channel analysis method which exploits speculative execution techniques used in certain high-end processors,” the company said in a statement. “This is not an architectural flaw; this method only works if a certain type of malicious code is already running on a device and could at worst result in small pieces of data being accessed from privileged memory.”

The company, instead, stressed its Cortex-M processors that are widely used in Internet of Things devices are not impacted.

By Song Su-hyun (song@heraldcorp.com)