Intel is Stockpiling Legacy Hardware in a Secret Lab in Costa Rica

Intel is Stockpiling Legacy Hardware in a Secret Lab in Costa Rica

For example, let’s say Intel releases a new piece of software, or a driver, which happens regularly. Will there be any security issues running it on a Haswell CPU, circa 2013? Or Sandy Bridge, on a Windows 7 system? These are the types of scenarios the company realized it needed to be testing, as customers can take many years to upgrade to the latest version of a CPU or platform, and the company had to be sure it’s newest software didn’t allow security holes when deployed on legacy systems. Plus, nobody wants to be testing for security flaws on users’ systems “in the wild” or a corporate environment, where data loss could be a problem. This is the type of work that’s best done in a lab.

Intel is Stockpiling Legacy Hardware in a Secret Lab in Costa Rica

According to the Intel, planning first began in 2018, which allowed for the creation of the Long-Term Retention Lab, which went into operation in the second half of 2019. In its nascent stage, its stockpile of older hardware was so lacking the company had to turn to eBay to find some parts, such as Sandy Bridge CPUs. However, after ramping up, the 14,000 square foot warehouse now holds more than 3,000 items, including both software and hardware, going back about 10 years or so. Engineers working in the facility are able to assemble specific hardware and software combos for Intel employees to test remotely, anywhere in the world. Intel notes that a lot of the testing requests it receives are in response to flaws submitted by outside researchers who participate in the company’s bug bounty program. With a ticket in-hand for a suspected flaw, an engineer can grab an 8-year old motherboard and CPU off the shelf, install a specific BIOS and version of Windows on it, and try to duplicate the issue.

It’s not surprising that this initiative dates back to mid-2018. Meltdown and Spectre were disclosed in early 2018 and were a frequently discussed topic that year. A great deal of attention has been focused on speculative execution side channel attacks over the past four years. It seems likely that Intel’s effort to assemble this comprehensive security research facility was driven in part by a need for more robust testing in the wake of Meltdown and Spectre. The company issued patches for a wide range of hardware when Meltdown and Spectre were first disclosed, and it may have decided to codify those efforts into a more formal program. We’ve reached out to Intel on this point and will update this story when we hear back.

Update: According to an Intel spokesperson, Spectre and Meltdown contributed to the perception within Intel that this was an important project. They were not the sole factor, and some of the security initiatives that contributed to the Long Term Retention Lab date back a decade or more.

One interesting anecdote from the journal’s reporting is it sounds like Intel asked all of its current, and former, employees to pitch in with any hardware and knowledge/documentation they might have had lying around to assist with the project. It also sounds like a busy place to work, with one manager stating they receive 1,000 requests a month to create specific hardware and software configurations for remote security tests, and they also receive 50 new devices weekly.

Easily the most intriguing angle of this story is the fact that Intel won’t reveal the location of the facility, as Intel notes that access to the building is strictly controlled, with security cameras watching the antiquated hardware 24/7 as well. It sort of brings to mind a Jurassic Park scenario, with 20-foot tall electrified fences surrounding the “Sandy Bridge Compound.” Taking the analogy even further, we’re imagining an unnamed engineer stating for the record, “It’s 100 percent secure. This technology will never escape!”

All jokes aside, for software and hardware tinkers like ourselves this sounds like a dream job. A warm and affordable locale, important-sounding security badges and lanyards, and getting to build computers all-day. Where do we sign up?

Continue reading

How Apple Is Collecting Your Data in macOS Big Sur
How Apple Is Collecting Your Data in macOS Big Sur

Apple's new Big Sur has been accused of some serious privacy violations and unfriendly user-access controls. The situation is a bit more nuanced.

Semiconductor Shortage Could Cost Automakers $61B in Lost Sales
Semiconductor Shortage Could Cost Automakers $61B in Lost Sales

Discussions between the auto industry and its chip manufacturing partners also sound as if they could be going better.

Apple’s Mixed Reality Headset to Cost $3K, Could Include 8K Displays
Apple’s Mixed Reality Headset to Cost $3K, Could Include 8K Displays

Rumors of an Apple-designed AR/VR product have rumbled around for years now, with nary a launch to show for it. New data, however, shed more information on the hardware than we've seen before.

Microsoft’s Windows 10X Woes Show Why Apple Won’t Unify macOS, iOS
Microsoft’s Windows 10X Woes Show Why Apple Won’t Unify macOS, iOS

Microsoft's difficulty launching a lightweight Windows variant is all the reason Apple needs to keep the iOS and macOS ecosystems distinct and separate.