LONDON/NEW YORK (Reuters Breakingviews) – Tech groups like Amazon, Facebook and Alphabet are attracting increasing political heat for their dominance of markets like e-commerce, social media and web search. But a recently discovered security flaw in chips made by Intel, Advanced Micro Devices and ARM highlights another important concern: bugs potentially affecting hardware found in the majority of computing devices.
Scale helps justify the massive investment needed to develop improved semiconductor technology and produce chips. Intel last year said it would spend $7 billion on a U.S. factory, and it had already started building the facility years ago. The dominance of a few players also helps ensure compatibility between machines. The downside is that hardware flaws like the newly revealed Meltdown and Spectre affect a huge number of users and could become systemic. It’s an analogous problem to vulnerabilities in the once-dominant Microsoft Windows operating system – or, in the agricultural world, to a disease affecting a widely used crop variety, like the preponderant but under-threat Cavendish banana.
Security researchers on Wednesday published details of Meltdown and Spectre. The first affects Intel chips and potentially allows hackers to steal secret passwords by evading the hardware barrier between applications and a protected part of a computer’s memory. The second also affects AMD and some ARM chips, and means hackers could trick applications into giving up information. Software groups like Apple and Microsoft had patches ready for Meltdown but not Spectre, which is less easily fixed but also harder to exploit.
Research outfit Gartner reckons no single semiconductor vendor has more than a 15 percent share across all processor types, with Samsung last year displacing Intel for the top spot because of booming memory-chip sales. But in specific sub-sectors – like personal-computer or data-centre chips – single vendors dominate. The $200 billion Intel has more than 90 percent of the market for central processing units used in servers, for example, while it and AMD have long dominated PC microprocessors.
True, vulnerabilities in chip design are rare. And the diligent patching of security holes helps mitigate the danger. But as semiconductors increasingly spread to homes, cars and factories through the Internet of Things, the risk is that a winner-takes-all chip industry effectively makes a few manufacturers’ products too big to fail.