Meltdown and Spectre — the vulnerabilities discovered in virtually every PC and mobile device in use — have a lot of people spooked. Apple Inc. (NASDAQ:AAPL) and Microsoft Corporation (NASDAQ:MSFT) are scrambling to release security patches.
Intel Corporation (NASDAQ:INTC) is on the defensive, with fingers pointed at its CPU architecture. But one company that could really feel a financial impact from the Meltdown and Spectre fallout is Amazon.com, Inc. (NASDAQ:AMZN).
As yet AMZN stock does not reflect the risk. In fact, AMZN stock is up over 3% since the announcement of what’s been called the worst CPU bugs ever discovered. Here’s why Amazon could end up feeling the impact of these vulnerabilities.
Meltdown and Spectre
The first week of 2018 kicked off with a bang, when computer security researchers dropped a bombshell announcement. The team, which includes members of Alphabet Inc’s (NASDAQ:GOOGL) Google Project Zero, discovered two critical vulnerabilities in modern CPUs that they named Meltdown and Spectre.
Both would allow malware to read data stored in the memory of other programs running on a PC. Because of the way CPUs cache data for efficiency, that could be literally anything from passwords to top-secret documents.
Companies have been rushing to release patches for Meltdown, which at this point affects Intel CPUs. However, the patch slows the computers down. In worst case scenarios, that performance impact can be as high as 30%.
Spectre is the one that seems to have researchers particularly worried. It not only affects Intel chips, but also processors from Advanced Micro Devices, Inc. (NASDAQ:AMD) and ARM-based chips, like the ones that power Apple’s iPhone. It’s also more difficult to patch and stamping out exploits that take advantage of Spectre could take years.
Why Could Meltdown and Spectre Affect AMZN Stock?
There are several ways that Meltdown and Spectre pose a risk to Amazon. The most obvious is that amazon.com is a website, and it’s powered by PCs. Any slowdown in performance because of patching means a slower experience for customers.
To remedy that, Amazon may have to throw additional hardware into the mix, increasing its operating cost. There is also concern from customers that Spectre might mean someone hacks Amazon and has access to their personal and financial information.
That’s not the real problem, though.
Amazon’s biggest source of profit is Amazon Web Services, or AWS. And AWS is impacted by the effects of the Meltdown patch and vulnerable to Spectre exploits. As the research team that discovered the exploits noted:
“Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.”
According to The Register, Amazon is working with customers whose applications have slowed because of the Meltdown patch applied to AWS. But that can mean having to optimize their code (time intensive and costly), or moving their application to a more powerful and more expensive AWS virtual machine.
Speed is one thing, but it’s the potential for Spectre to wreak havoc on AWS security that is worrisome. There has been a big move to cloud infrastructure over the past decade, with many companies turning to cloud providers like AWS as a more affordable alternative to running their own data centers.
AWS passed 1 million active users in early 2016, including government agencies and high profile customers like Netflix, Inc. (NASDAQ:NFLX). Hardware is shared by many users — each within a securely isolated software instance — and a single company’s virtual network could be spread across hundreds or even thousands of servers.
As The Verge points out, Spectre raises the possibility that a criminal organization could run their own application on AWS, then use a Spectre exploit to access the data from all the other customers who are using that same CPU.
No Spectre exploits have been confirmed to date, and all the tech companies involved are hard at work on patches. But it could take years for the fallout from Meltdown and Spectre to be known. AWS is a huge target, and any cloud incidents traced back to these vulnerabilities could cause customers to bail (and make consumers think twice about shopping online at Amazon.com). And with AWS being such a dominant part of Amazon’s profit, that scenario would be very bad news for AMZN stock.
As of this writing, Brad Moon did not hold a position in any of the aforementioned securities.