It has been recently discovered that Intel has been on a hardware finding mission to gather all their old processor technologies in order to provide better security for older systems. Why is old hardware such a challenge for security, what is Intel currently doing, and how can engineers learn from Intel’s mistake?

Why does old hardware present security with a major challenge?

It can be said that one of the biggest challenges of developing new technology is the rate at which it is being developed. By the time a new processor architecture has been developed and released to the general public, a new version with improvements and fixes is almost ready to be released itself. The same goes with camera equipment, memory devices, networks, and even household appliances; as soon as a piece of technology is ready for distribution, it has already fallen behind.

This rapid change in technology is problematic for the environment via e-waste or for those struggling to keep up (typically older generations). It also presents a major problem for security. New technology releases will generally fix problems found in previous versions, and there is no guarantee that a fix can be given for previous versions. For example, a hardware bug in a chip could be unfixable, so anyone using that chip would be vulnerable unless they upgrade their system.

Of course, upgrading devices such as smartphones and computers is not a challenge as many users prefer to have the latest tech when it comes out. However, some systems cannot receive upgrades as fast as new technology becomes available.

For example, a bank may have an old mainframe that stores customer details and bank records that cannot be easily transferred to a new system. This could be due to the use of software no longer supported, the bank network being dependent on the mainframe, or replacing the system would be far too expensive.

The result of rapidly changing technology is that many users are left with devices that can have serious security flaws. To make matters worse, the older a piece of technology is, the more likely that flaws are to be discovered. As such, older hardware that is not upgraded becomes a potential attack point for hackers.

Intel is reported to be gathering its old hardware for security

Intel is famous for its high-performance CPUs in servers, desktops, and even mobile devices. As their products are found in hundreds of millions of devices worldwide, it makes sense that hackers constantly look for flaws in Intel hardware. If any exploits are discovered, hackers could access millions of targets worldwide.

Now, one would think that Intel would keep a few spares of each CPU it has designed, if not for research purposes, then for sentimental reasons. Even Nintendo keeps mint condition versions of each product it has ever manufactured.

However, it turns out that Intel has never actually kept a catalogue of its products, and recent reports have revealed that Intel has only just started to catalogue their older parts. The report is even more unusual because Intel has struggled to locate some CPU architectures and has resorted to using online sites such as eBay to find them.

Intel struggled to find one example of a CPU family: the Sandy Bridge microprocessors from 2011 and 2013. Despite having designed and fabricated the device themselves, they did not have a single one in stock for research purposes.

Currently, Intel has a warehouse and research facility with approximately 3,000 pieces of legacy hardware but plans to expand this to 6,000. This facility’s purpose is not just to catalogue old hardware but to find security flaws in these products and then develop solutions for customers reliant on such technology. Intel employees can request specific hardware customisation via a cloud service picked up by the facility, the device is made. Then tests can be done on performance and potential issues.

What can engineers learn from Intel’s legacy hardware?

Unusually, Intel has never kept copies of each device that it produces, but what is more shocking is that Intel did this without thinking about long-term security. CPUs are a core component in modern electronics, and it is well understood that they are one of the main targets by hackers. Looking for flaws and finding fixes is a service that Intel should be actively pursuing so that customers of their hardware can be assured that flaws found can be fixed (or at least be warned).

But, what engineers can learn from Intel’s mistake is that older hardware does indeed have inherent value. Engineers who design products should consider the long-term security of their devices and how customers in the future may require help ensuring that they are kept safe from cyberattacks.

Cybersecurity rules are becoming more stringent (such as PSTI), which demand companies not to use default passwords, provide customers with a customer care department to report security flaws, and inform clients how long their equipment will be supported, keeping old hardware becomes even more essential. Having older hardware allows engineers to look for flaws and figure out methods for fixing discovered flaws which can then be pushed to users. This will help companies improve their legal standing and set an example for the wider industry while installing user trust.

Overall, legacy hardware plays a key role in world infrastructure, and engineers should consider that their devices may be used for more than two years. Don’t make the mistake Intel made by not having older devices on hand; otherwise, you may find yourself on eBay looking for a product you designed 10 years ago.