Tesla uses an Intel processor?

[Glamisduner]

With the breaking news that all Intel processors for the last 10-20 years have a huge security flaw that can only be corrected by software which will cause up to a 30% performance hit.

Tesla will reportedly use Intel chips to power its massive infotainment console

Early Data Shows Linux Update to Fix Intel Security Flaw Hits Performance Hard - ExtremeTech

I wonder if future cars will have the new CPU's or will they continue to install the flawed chips? Will this become another bottleneck? How will that 20% hit affect the model 3 computer?

 

[araxara]

Intel has disputed the 30% performance hit. And since there are no user installed programs that can make use of this flaw, it would not really matter. I would think that moving forward, Tesla would use new chips rather than old ones.

 

[strykeroz]

Too many unknowns at present. The MELTDOWN vulnerability will be a software patch which is already available for Linux based systems. However the SPECTRE vulnerability reported at the same time is a fundamental processor design flaw that cannot be patched around and will remain an issue until entirely new chips are available, and it impacts Intel, AMD and ARM based on published testing but I haven't read anything to suggest that precludes others from IBM etc.
As yet there appear to be no reported examples of these exploits being used in the wild, as per previous poster.

 

[Kardax]

Both vulnerabilities can be exploited via web browsers through JavaScript, and as strykeroz notes, Spectre theoretically works on any CPU with speculative cache reading behavior, which is pretty much any modern CPU, including the ARM-based chips in Model S/X.

Model 3 doesn't have a browser or a way to load 3rd party apps, so there isn't an easy way to attack it. The Model S/X browsers are probably vulnerable, and I wouldn't be surprised if someone on this forum was sitting in their garage experimenting right now.

The trick here is that there isn't a definite way to prevent it without a severe performance impact. Browser vendors are still researching and in the meantime are planning aggressive mitigations like disabling SharedArrayBuffer and crippling performance.now().

 

[Stoneymonster]

Both vulnerabilities can be exploited via web browsers through JavaScript, and as strykeroz notes, Spectre theoretically works on any CPU with speculative cache reading behavior, which is pretty much any modern CPU, including the ARM-based chips in Model S/X.

Model 3 doesn't have a browser or a way to load 3rd party apps, so there isn't an easy way to attack it. The Model S/X browsers are probably vulnerable, and I wouldn't be surprised if someone on this forum was sitting in their garage experimenting right now.

The trick here is that there isn't a definite way to prevent it without a severe performance impact. Browser vendors are still researching and in the meantime are planning aggressive mitigations like disabling SharedArrayBuffer and crippling performance.now().

No one has demonstrated a broswer exploit that allows an attacker to get beyond the browser process itself yet. At least with Spectre I think.

 

[Kardax]

No one has demonstrated a broswer exploit that allows an attacker to get beyond the browser process itself yet. At least with Spectre I think.

That's not super comforting, though. The content of pages you view and anything you type (including passwords) are at risk. It also provides a path to defeating defense-in-depth measures like ASLR, making it much easier to exploit other vulnerabilities.

 

[Stoneymonster]

That's not super comforting, though. The content of pages you view and anything you type (including passwords) are at risk. It also provides a path to defeating defense-in-depth measures like ASLR, making it much easier to exploit other vulnerabilities.

Oh it’s bad, not disagreeing.

 

[strykeroz]

Elon tweeted today that there would be an update to the browser shortly, and that there will be a performance hit until the code is optomised, which I think is going to be the standard line from all OS vendors.

 

[BioSehnsucht]

The "up to 30%" hit is task specific, so far I've only seen reports of database systems of various kinds seeing anything even over 20% performance impact. For most purposes, it should be single digit percentage performance hit, if measurable at all.

Also, apparently AMD is (depending on which of the three varieties of vulnerability you are talking about, there are 3 ways of doing basically the same thing) either immune or nearly so (essentially immune for any reasonable expectations), due to architectural differences. I'm just surprised that ARM managed to make some of the same mistakes as Intel.