Security Experts:

Lawsuits Filed Against Intel Over CPU Vulnerabilities

At least three class action lawsuits have been filed against Intel in the past days over the recently disclosed vulnerabilities that could allow malicious hackers to obtain potentially sensitive information from computers.

The Meltdown and Spectre attack methods uncovered by several independent research teams work not only against Intel processors, but also against CPUs from AMD and ARM. Intel has been hit the hardest – even its stock went down after initial reports claimed only Intel processors were affected – but the company says media reports describing the design flaws are overblown.

The lawsuits, all seeking class action status, have been filed in the Northern District of California, the Southern District of Indiana, and the District of Oregon, and they accuse Intel of violating state consumer protection laws. All complaints demand a jury trial.

In California, Branstetter, Stranch & Jennings of Nashville and Doyle APC of San Diego filed a consumer fraud case, accusing Intel of misleading consumers about the performance and reliability of its processors by selling a product with “fatal” security flaws.

The complaint filed in Indiana alleges that “Intel committed unfair and deceptive acts by representing that the Intel CPUs had performance, characteristics, or benefits which Intel knew or should reasonably have known they did not have.”

The chip giant has also been accused of breaching warranties by selling defective CPUs that it’s not willing to repair or replace free of charge. The Indiana lawsuit also claims the company was negligent in the manufacture and design of its processors.

In Oregon, plaintiffs say they are entitled to restitution based on Intel’s “intentional and knowing failures to disclose material defects.” The complaint claims plaintiffs would have acquired a CPU from an Intel competitor had they known about the flaws and the fact that they will end up with a slower product.

The Meltdown and Spectre attacks allow malicious applications to bypass memory isolation mechanisms and access potentially sensitive data, including passwords, photos, documents, emails, and data from instant messaging apps. The bugs that make these attacks possible are said to date back 20 years.

Intel and other major tech companies have started releasing patches and workarounds for the vulnerabilities, and many believe it’s enough for the time being. Some have suggested that Intel may need to recall impacted CPUs, but the vendor says that will not happen considering that the issue can be mitigated at software level.

Significant performance penalties have been observed in some cases, but Intel says most consumers will not experience any problems, and it’s confident that any penalties will be mitigated over time.

AMD has confirmed that some of the flaws also affect its own processors, but claims the risk of attacks is “near zero.” ARM, whose technology is used by Apple and Qualcomm, also confirmed that nearly a dozen of its Cortex CPUs are impacted.

Related: Hackers Expected to Remotely Exploit CPU Vulnerabilities

Related: Industry Reactions to Meltdown, Spectre Attacks

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.