Science & Tech

Class Action Suit Filed Against Intel for Massive Security Flaw

The marketing motto ‘Intel Inside’ is turning out to be a curse for most of the world’s computers.

On January 3, Intel, the maker of most of the world’s computer CPUs, was sued for building in two major security flaws in its processors.

These flaws go under the names of Meltdown and Spectre. They allow hackers to burrow into to steal data from mobile devices (including smartphones and tablets), personal computers, and more than 90 percent of computer servers. The Meltdown flaw in particular could allow hackers access to a computer’s core memory and allow the theft of private information including passwords. This access even includes cloud computer services.

Both of these flaws exploit something used by modern microprocessors to speed up computing. The concept behind them is called ‘speculative execution’, an algorithmic process which has the computer guessing what data a user will attempt to access next. It is done based on previous actions, and sets up the ‘guessed’ data in what is called the kernel, a computer memory layer riding between the hardware and the operating system.

There have already been various operating system fixes released or proposed to protect against the Meltdown design mess. Microsoft Windows’ fix for this was released on January 2.

The problem with this first fix for Meltdown, besides that the majority of users will probably never install the upgrades to protect themselves, is that the current software updates allegedly will “dramatically reduce the performance” of computers throughout the planet.

The reason for that performance cut is that the solutions all rely on eliminating that ‘speculative execution’ method at the center of the flaw. That computational trick is critical to modern high-speed computing. Without it – and with the new fixes that have been proposed for the computers in place – computers could run as much as 30% slower than before the fix.

Amazon, Google, and Microsoft all claim they have already updated their cloud-computing services to keep hackers from being able to exploit the Meltdown flaw.

The second flaw, the one that goes under the name Spectre, is even more serious in the long run than Meltdown. The reason is that in this case Intel is not the only supplier stuck with the problem. There is also no fix identified so far which proposes to solve this particular vulnerability.

The current lawsuit covers Intel’s x86-64x computers, a category which has been manufactured since 2008. It was filed on behalf of lead plaintiffs Steven Garcia and Anthony Stachowiak. In their 26-page complaint against Intel, they allege Intel has neither replaced the defective computers or provided any software update which does not significantly affect computers’ performance.