Quick Cyber Thoughts: Computex 2024

Updated on
Computex/Taipei Computer Association, TCA/Taiwan External Trade Development Council, TAITRA

We're in the dying days of Computex 2024, and I have some cybersecurity related thoughts.

For those of you who aren't big computer hardware nerds, Computex is a big PC hardware vendor convention that typically occurs in Taipei, Taiwan. The main hardware vendors all either have keynote presentations at the event, or in the case of Nvidia, just before it, and lots of the secondary and tertiary vendors also make announce new products (everything from components to laptops and mini-PCs).

Since hardware runs all the software we use and hosts plenty of vulnerabilities, it's good to think about the cybersecurity implications of the tech we're going to be using in the foreseeable future.

Nvidia promises us a nightmare future of AI and high prices

Nvidia, the company that makes super expensive consumer graphics cards and supplies most AI companies with GPUs for training AI, decided to really push the idea of AI agents to investors and the mainstream press.

The basic TL;DR version of agents is pretty straight forward, actually:

  1. The user inputs some prompt into a general LLM chatbot.
  2. The chatbot examines what the prompt contains and wants done.
  3. The chatbot passes off an optimized version of the prompt to another LLM that is specifically trained for that task.
  4. The optimized LLM runs the task and generates output.
  5. The output is sent to the chatbot LLM.
  6. The chatbot presents that output to the user.

From a cybersecurity POV, this is a nightmare, for a few reasons:

  • We now have to ensure confidentiality, integrity, and availability of multiple AI models and the content going to/from them.
  • We have to assess multiple AI models to ensure they aren't compromised, either by malware, vulnerabilities, or bad data.
  • If we want to run AI on local endpoints or even just on on-premises servers, the hardware requirements just skyrocketed.

If you're wondering why that last point is there, just realize that it's now harder to propose getting local hardware to run AI. Because now, you need better hardware, and better hardware tends to be more expensive, especially in quantity.

(When the AI training bubble pops, there'll probably be a lot of hardware for sale, but whether it'll be any good for the purposes of running production level AI agents is an open question.)

AMD got backstabbed by Microsoft, so now we're out of a cheap(er) AI solution

AMD would've had a solution to the AI hardware issue, but they don't, thanks to Microsoft not buying their proposed server chip.

As detailed by tech journalist and leaker Moore's Law is Dead, Turin AI (Turin being the code name for AMD's Zen 5 architecture) would have been a Neural Processing Engine chiplet that featured hundreds of TOPs of AI performance.

For reference, laptop processors with 50 TOPs are considered impressive AI performance and a minimum specification by Microsoft.

Why does this matter?

Because AMD is the master of reusing their silicon. All of their consumer/prosumer products for desktops and workstations are basically server chiplets that didn't hit the efficiency standards for server SKUs. They then get filtered down the product stack to fill various price points and niches in the market.

So, by denying AMD the contract, Microsoft has denied the entire ecosystem of a cheap option for AI inference (output). Which is not great when executives and management get the AI agents brain bug and start pushing in that direction.

Intel struggles to stay viable

Intel, once the go-to PC hardware vendor for just about every major corporation and government, is not in a great place.

The past few years have been rough for Intel. Getting stuck on less advanced silicon nodes, having less advanced products than the competition, and of course, major hardware vulnerabilities (Spectre/Meltdown) all whittled away at their stranglehold on the PC markets.

At Computex, Intel showcased a bunch of its current problems:

  • It's still not performance competitive with AMD in a lot of regards (CPU and NPU performance most obviously).
  • Lots of their products have been delayed, so they look even worse than they could have.
  • Their chip foundries haven't been pumping out lots of high quality product lately.
  • Their continuing tendency to talk about future products without actually getting their release cadence back on track.

All of these are concerning, but the most concerning from a cybersecurity perspective is their lack of competitive performance. There's a whole slew of new potential exploits in the branch prediction parts of modern CPUs. What's branch prediction? It's basically a way for the CPU to speed up operations by guessing the likely outcome of operations.

While a lot of these branch prediction exploits can be mitigated with better software programming, there's always the chance of a BIOS update that changes the microcode that controls the CPU. And when past Intel threat mitigations have produced up to 50% performance reductions, that's a major cybersecurity and operational issue. You're going to have to start air gapping systems if you can't replace them with higher performance parts.

Get ready for Snapdragon X Elite software validation

One thing that was shown to the public before Computex 2024 was Microsoft using Snapdragon X Elite as one of its Copilot+ laptop processors. These are ARM based processors, and for those of you who don't know, that's the architecture that most mobile phone CPUs use.

The general sentiment seems to be that Microsoft and laptop vendors are promoting these CPUs to put pressure on AMD and Intel in the laptop space, especially in the lower tier products. So what does that mean for us cybersecurity folks?

  • Get ready to spend time validating that all your endpoint security software works. Windows 11 ARM edition might have good emulation, but that's no guarantee any of your security and monitoring will work.
  • Time to work up a whole new testing scheme for any and all X Elite based laptops that your organization thinks about adopting.
  • Somebody has to get good at vulnerability testing the X Elite and Windows 11 ARM edition.

And these are just the obvious problems a novice like me can see. I'm sure there's plenty more you can think of.

Get ready to purge Windows Recall from all your Copilot+ machines

Windows Recall isn't even an official release yet, and there's already Python scripts designed to access the unencrypted database that application creates.

The safest course of action is going to be simply removing the whole thing until Microsoft implements some proper security... but at the same time, will anyone miss the extra CPU, RAM, and HDD/SSD utilization?

(Also, to push back on Mental Outlaw, this will not push people to Linux. As someone who's had UXUI training, Linux violates so many heuristics of good UXUI. You genuinely need to replace the various terminals with LLM chatbots to make widescale Linux adoption even somewhat viable.)

Related posts