A class action lawsuit has been filed against Intel, one of the world’s leading semiconductor companies, over its handling of speculative execution vulnerabilities found in its central processing units (CPUs). The plaintiffs argue that the Intel CPUs they have purchased are “defective” as they are either left vulnerable to cyberattacks or suffer from significantly slower performance due to vulnerability fixes. This lawsuit brings to light the ongoing concerns and frustrations of customers who feel let down by the company’s response to these security flaws.
Disclosure of Speculative Execution Vulnerabilities
The complaint asserts that Intel has been aware of speculative execution vulnerabilities in its processors since 2018 when cybersecurity researchers disclosed the existence of two attack methods named Meltdown and Spectre. These vulnerabilities allowed attackers to exploit the design flaws in Intel CPUs to access sensitive data. Since then, several other speculative execution vulnerabilities have come to light, and Intel has been taking steps to address them.
Customer Displeasure and Performance Degradation
One significant issue highlighted by the plaintiffs is that the fixes for these vulnerabilities often introduce significant performance degradation. Customers argue that they purchased Intel CPUs under the assumption that they were acquiring high-performance chips, but were instead burdened with slower and less efficient systems. The frustration stems from the fact that Intel continued selling flawed CPUs for several years, despite being aware of the potential risks and the adverse impact on performance.
The Downfall Attack
One of the recently disclosed speculative execution vulnerabilities is named Downfall, which was unveiled in August. This attack method has been described as highly practical, and a proof-of-concept exploit demonstrated how it could be leveraged to steal OpenSSL encryption keys. Given its severity, the plaintiffs argue that Intel had over a year to address this vulnerability but allegedly failed to do so adequately.
Intel’s Microcode Update and Performance Handicap
In response to the Downfall vulnerability, Intel issued a microcode update. However, the class action complaint contends that this update significantly handicapped the very systems essential to the function of every modern CPU. It alleges that the update resulted in up to a 50% performance degradation, making the CPUs even less efficient and diminishing their value.
Decrease in value and monetary relief
The complaint highlights the decrease in value of affected Intel CPUs due to the performance degradation caused by the vulnerability fixes. Customers argue that they purchased these CPUs expecting top-notch performance and are now left with compromised systems. The plaintiffs are seeking monetary relief against Intel, either in the form of actual damages to be determined at trial or statutory damages of $10,000 for each plaintiff.
Intel’s response and potential impact of the lawsuit
SecurityWeek has reached out to Intel for comment regarding the class action lawsuit. It remains to be seen how the company will respond to these allegations and whether they will offer any compensation or remedies to affected customers. This lawsuit has the potential to hold Intel accountable for its handling of the speculative execution vulnerabilities and its impact on customers. The outcome could not only lead to financial consequences for Intel but also encourage the company to prioritize security and performance in their future CPU designs.
The class-action lawsuit filed against Intel over its handling of speculative execution vulnerabilities reinforces the concerns of customers who have faced security vulnerabilities and performance issues with their Intel CPUs. The complaint alleges that Intel had knowledge of these vulnerabilities but failed to adequately address them, resulting in adverse effects on system performance. The plaintiffs seek monetary relief to compensate for the decrease in the value of their CPUs caused by these issues. As the lawsuit progresses, it remains to be seen how Intel will respond and what impact this legal action will have on the company’s reputation and future CPU designs.