Intel facing multiple class action suits over chip security flaw

Intel is facing at least three class action lawsuits over a recently revealed security flaw. The complaints, published by Gizmodo, were filed in Oregon, California, and Indiana by owners of Intel CPU-based computers. They allege that the vulnerability, which Intel learned about several months ago, makes its chips inherently faulty. Intel has helped provide security patches, but the complaints raise concerns that these patches will hurt computer performance, and aren’t an adequate response to the problem.

Researchers revealed two major CPU bugs, dubbed Spectre and Meltdown, earlier this week. The Meltdown flaw is specific to Intel chips, and it strikes at the heart of how CPUs process information. Security patches offer a workaround, but The Register initially reported that they could slow down PCs by 5 to 30 percent, leading to widespread alarm. Intel has denied this, saying that “any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.” Since companies are still in the midst of rolling out patches, their practical effects are hard to measure.

Intel isn’t the only chipmaker affected by this week’s revelations: the Spectre flaw is widespread and potentially more difficult to fix, and we don’t know how serious the problem might be in the long term. Google recently announced a patch with a “negligible” impact on performance, echoing Intel’s claims. Intel, meanwhile, says it’s now rendered Intel-based PCs “immune” to both Meltdown and Spectre, but we wouldn’t be surprised to see even more lawsuits filed in the coming weeks — whether against Intel or other manufacturers.

Comments

Of course they are!

’Murica!

Well, the American company Intel being sued in America for something this big seems to make sense.

Are you suggesting these are frivolous?

Yes, it is frivolous. So they have a bug. Name one major software product without a bug. It wasn’t negligence, ignorance, or incompetence. Just a bug in a complex system, and one that can be worked around via an operating system.

People are worried a program will read data in memory from another program. That would be malware. Why would said person have malware on the computer? Plus, it’s far easier to capture keystrokes or just read the hard drive.

Not good for cloud providers like Amazon, but … again, it’s a bug. It’s crazy suing over this.

The base for this action is very well fundamented in my opinion. Mainly because of the perfomance loss the patch will cause.

A performance loss that is mostly negligible at 100% load.

They have to prove intent to harm though. The flaw is hardware related, which means disabling or altering the hardware function is the only solution at the moment to protect customers of existing products. The processors weren’t designed intentionally have this flaw seeing as this affects processors that are more than ten years old and was only discovered recently.

Not defending Intel but stating the general facts. This isn’t like VW where they intended to skirt regulators. They have to solve the problem somehow or risk an even bigger repercussion.

The so-called performance losses is caused because of the initial patches immaturity. These performance losses subside quickly as software developers work to bring back the performance over time. Remember the initial patches are not the only patches that will come to solve these vulnerabilities. It will take many many updates over time and eventually we will not see any performance loss, only performance gains. That is the beauty of software, it can and will be improved over time.

Well, maybe we should question the status quo then. It’s time that companies become more liable for the quality of the software they release. Who says it wasn’t incompetence, ignorance or negligence? Often times, companies rush software out and rely on after-the-fact patches. It’s time companies pay for releasing buggy software.

You could argue though they should have known about it with research and study, and that they have been selling chips since June that they knew would be slower and were making false claims of those processor sales that you would be able to safely continue to use those chips at full power.

They should have been more transparent, and obviously they were not.

My question is if they got to know about this flaw back in June then why go ahead and release a new line of processors WITH the flaw later on.
Plus for someone who just bought a maxed out 2017 MacBook Pro just two months back (paying you know how much), it certainly is upsetting knowing that we didn’t have the full information while making the purchase (even if it was well intended by Intel to keep the information hidden at the time)

So, researchers discovered the bugs? Did they give the companies a reason amount of time to patch the bugs before announcing it to the public?

The embargo was for something like six months, so yes, they had a reasonable time window.

And they continued to sell the chips without making the buyer aware of the risk.

So what is the alternative?

End sales of all Intel processors or make the public aware of a bug that can also allow hackers to know of the bug as well and thus endanger all previous purchasers?

There is a reason White Hat security researchers don’t talk about flaws with the public until a predetermined period of time.

Make the public aware of a risk without going into detail would be the responsible thing.

Ya…private enterprises are just going to sit around with baited breath for 6 months while Intel works it out…

Correct. This is also exactly why FCA didn’t immediately publicize the hack of one of their Jeeps a couple years ago. The public just knowing someone was able to do it caused enough of a ripple, and the public hadn’t even been made aware of exactly how at that point.

They’re already patching it with minimal impact to performance, so there’s not really much to sue over.
The fact that this issue apparently affects every modern processor on the market, mobile and desktop alike, makes it a little silly to target just intel with these lawsuits.

Since Intel had and has for a very long time market dominance, taken through questionable strategies, it makes sense to target them first. All cloud services are more or less based on intel. So yeah, karma’s a bit*h. As much as I love intel they should be grilled.

The market will indeed grill them.

I hate Intel, and I’m glad they’re getting "grilled".

Intel and nVidia are the two worst companies in all of computing. The term "assholes" comes to mind.

Are AMD chips affected by Meltdown and Spectre?

Spectre hits everything, Meltdown is Intel and a small number of ARM chips I think.

Only one of the known exploits work (out of 3) on AMD and its hard to exploit at that as well.

Meltdown affects Intel, Apple (Intel/ARM) and some ARM chips.

View All Comments
Back to top ↑