Intel Chip Processors – Securities Class Action Investigation

Intel Chip Processors – Design Flaw Could Cause Intel Processor Chips to Be Vulnerable to Hackers

Intel Corporation (NASDAQ:INTC)

Kehoe Law Firm’s securities investigation concerns whether Intel Corporation and certain Intel Corporation officers violated federal securities laws.

On January 2, 2018, news media reported that a significant design flaw in Intel’s processor chips could allow malicious software to read protected areas of a device’s kernel memory, causing Intel’s processor chips to be “vulnerable to hackers” and “raises concerns about the company’s main products and brand.”

On the news of the Intel processor chip design flaw, shares of INTC fell $1.85, or 3.94%, to close at $45.00 on January 3, 2018, thereby injuring INTC investors.

Fundamental Intel Processor Chip Design Flaw Reported

On January 2, 2018, The Register reported (“Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign”) that [a] fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. [Emphasis added]

The Register also reported that “[c]rucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.” [Emphasis added]

Impact of The Processor Chip Design Vulnerability

The Register described the impact of Intel processor bug as follows:

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.

. . .

Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes’ virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel’s code and data remains out of sight but present in the process’s page tables.

. . .

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.

Your Intel-powered machine will run slower as a result.

Intel Chip Processors – The Security Vulnerability & Hackers

According to The Register, the Intel chip processor “vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.”  The Register described the security hole as follows:

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

On January 3, 2018, Reuters reported (“Security flaws put virtually all phones, computers at risk”) that

[s]ecurity researchers . . . disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings. [Emphasis added]

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

Researchers with Alphabet Inc’s Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

. . .

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters. [Emphasis added]

Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.

Intel Chip Vulnerabilities & Intel’s Acknowledgement of the Problem

On January 4, 2018, NPR reported (“Intel Acknowledges Chip-Level Security Vulnerability in Processors”) that

[s]ecurity researchers have found serious vulnerabilities in chips made by Intel and other companies that if exploited could leave passwords and other sensitive data exposed.

“Several researchers, including a member of Google’s Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications,” according to CNET.

The discovery comes shortly after the chipmaker said it was working on a patch.

In a statement released Wednesday, Intel acknowledged the problem, saying that it is “working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits.”

Wired explains that the bug “… allows low-privilege processes to access memory in the computer’s kernel, the machine’s most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in shortcuts Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone.”

Other Comments About the Intel CPU Bug Issue

Additional information about the CPU issue can be found in The Register’s “translation of Intel’s attempt to spin its way out of the CPU security bug” article here and Gamer Meld’s YouTube video, “Intel Responds To “Bug” In Their CPU Architecture!.”

Intel Corporation Investors

If you purchased Intel securities or would like to learn more about the securities investigation or potential legal claims, please contact John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected], complete the form above on the right or e-mail [email protected].

Kehoe Law Firm, P.C.