Jan 15, 2018 | Consumer Protection, Employment & Technology Archive
CellMark Biopharma, LLC & CEO Barred From Making Deceptive Claims About The Ability of CellAssure and Cognify to Mitigate Side Effects of Cancer Treatment
On January 11, 2018, the FTC issued a press release concerning the settlement of FTC charges against CellMark Biopharma and CellMark’s CEO, Derek E. Vest, for making false or unsupported claims regarding health products they marketed as effective treatments for cancer-related malnutrition and cancer treatment-related cognitive dysfunction, also known as “chemo fog.”
Deceptive Marketing of CellAssure & Cognify
According to the FTC’s press release:
According to the [FTC’s] complaint, CellMark and its CEO, Derek E. Vest, violated the FTC Act by deceptively advertising two products for cancer patients: CellAssure, to treat cancer-related malnutrition, and Cognify, to treat “chemo fog.” A one-month supply of CellAssure sold for $248 and a one-month supply of Cognify sold for $79.
The FTC alleges that the defendants advertised the two products with a range of deceptive and unsupported health benefits for cancer patients. For example, the defendants described CellAssure as a medical breakthrough solution that “specifically addresses the malnutrition suffered by over 80% of all cancer patients” and claimed that CellAssure treats cancer with its “anti-cancer and anti-tumor properties.”
The defendants described Cognify as “the world’s first product designed specifically to alleviate . . . chemo fog . . . .” They also disseminated a YouTube video featuring a breast cancer patient who claimed that after taking Cognify, she could “remember the names of places and people and things” and started “thinking more clearly.” However, according to the FTC complaint, the defendants did not possess scientific evidence that these products provided any of the claimed benefits.
The proposed final stipulated order settling the Commission’s charges prohibits the defendants from engaging in similar conduct in the future. It requires them to have competent and reliable scientific evidence to support health claims for any product, and bars them from misrepresenting the results of any study, test, or scientific research.
FTC Fights Against Deceptive Marketing of Unproven Cancer Treatments
The FTC’s blog posting related to the FTC’s settlement with CellMark Biopharma and its CEO (“FTC challenges claims that products could treat side effects of cancer treatment”) stated:
Two serious complications of cancer treatment are cachexia (the wasting syndrome some patients experience) and “chemo fog” (the chemotherapy-related cognitive dysfunction that patients often report). CellMark [Biopharma] claimed to have the answer to both problems.
Selling for $248 for a one-month supply, CellAssure was advertised to treat cachexia and cancer-related malnutrition. In addition, according to the FTC, the defendants conveyed to consumers that CellAssure would improve cancer patients’ ability to withstand the rigors of surgery, radiation, and chemotherapy. But that’s not all. The defendants also claimed that the product “exhibits anti-cancer/anti-tumor effects” and that CellAssure’s ingredients had been “clinically proven” to provide the advertised benefits.
Marketed to treat the memory loss and cognitive impairment sometimes reported during and after chemotherapy, a one-month supply of Cognify cost cancer patients $79. According to ads, Cognify would “protect brain cells/neuro-transmitters against toxins,” “improve cognitive functioning, memory, and processing,” and “stimulate the growth of new brain cells” in patients undergoing chemo. The company used a similar “don’t just take our word for it” tactic by claiming that Cognify’s ingredients were “clinically proven.”
But according to the FTC, the defendants didn’t have sound science to back up their promises. What’s more, the complaint charges that the company’s “clinically proven” claims were false. [Emphasis added]
The settlement in the case requires the defendants to have randomized, double-blind, placebo-controlled testing conducted by qualified researchers to support future cancer- or disease-related claims for dietary supplements, foods, or drugs. Other health claims will need “competent and reliable scientific evidence,” as that phrase is defined in the order. The settlement also prohibits misrepresentations about tests, studies, or research.
The terms of the settlement apply just to CellMark and CEO Derek Vest – who . . . is serving time in federal prison for criminal conduct related to the sale of other dietary supplements. But the case reminds marketers just how seriously the FTC takes claims directed to cancer patients and others battling serious medical conditions. [Emphasis added]
Source: FTC.gov
Jan 14, 2018 | Consumer Protection, Employment & Technology Archive
Charity-Related Telemarketer InfoCision Charged by FTC with Making Express Misrepresentations to Solicit Donations
The FTC issued a press release regarding Akron, Ohio-based InfoCision, Inc., a company that has made millions of calls to consumers nationwide on behalf of charitable organizations.
InfoCision has agreed to pay a $250,000 civil penalty to settle Federal Trade Commission charges that InfoCision’s telemarketers misled consumers by falsely saying they were not calling to solicit contributions.
The proposed order settling the charges, filed by the Department of Justice on the FTC’s behalf, also bars InfoCision from violating the FTC’s Telemarketing Sales Rule, which requires telemarketers calling on behalf of a charity to promptly tell someone the charity on whose behalf they are calling and if the purpose of the call is to seek a donation.
FTC’s Telemarketing Sales Rule – An Overview
The FTC’s complaint filed against InfoCision, Inc. described the FTC’s Telemarketing Sales Rule as follows:
Congress directed the FTC to prescribe rules prohibiting abusive and deceptive telemarketing acts or practices pursuant to the Telemarketing Act, 15 U.S.C. §§ 6101- 6108. The FTC adopted the original Telemarketing Sales Rule in 1995, extensively amended it in 2003, and amended certain provisions thereafter. See 16 C.F.R. Part 310.
Section 1011 of the USA Patriot Act, codified in relevant part at 15 U.S.C. §§ 6102 and 6106, amended the Telemarketing Act to cover “charitable solicitations” and directed the FTC to expand the scope of the Telemarketing Sales Rule to cover calls made to solicit charitable contributions.
In 2002, the FTC amended the Telemarketing Sales Rule to modify the definition of telemarketing to:
- include interstate calls made by for-profit telemarketers to solicit charitable contributions;
- require for-profit telemarketers calling to solicit such contributions to promptly disclose the name of the organization making the request and that the purpose of the call is to ask for a charitable contribution; and
- prohibit for-profit telemarketers from making a false or misleading statement to induce any person to make a charitable contribution.
These requirements ensure that for-profit telemarketers that solicit charitable contributions are truthful about the purpose of the call and that consumers receive material information so that they can make informed choices about whether to engage with the telemarketers and give a charitable contribution.
Under the Telemarketing Sales Rule, a “telemarketer” means “any person who, in connection with telemarketing, initiates or receives telephone calls to or from a customer or donor.” 16 C.F.R. § 310.2(ff).
A “donor” means “any person solicited to make a charitable contribution,” 16 C.F.R. § 310.2(p), and a “charitable contribution” means “any donation or gift of money or any other thing of value.” 16 C.F.R. § 310.2(h).
Under the Telemarketing Sales Rule, an “outbound” telephone call means “a telephone call initiated by a telemarketer to induce the purchase of goods or services or to solicit a charitable contribution.” 16 C.F.R. § 310.2(x).
The Telemarketing Sales Rule prohibits telemarketers from “[m]aking . . . false or misleading statement[s] to induce any person to pay for goods or services or to induce a charitable contribution.” 16 C.F.R § 310.3(a)(4).
USA v. InfoCision, Inc. – The FTC’s Complaint for Civil Penalties, Permanent Injunction & Other Relief
According to the FTC’s complaint, since at least 2013, InfoCision has conducted hundreds of telemarketing campaigns reaching consumers nationwide on behalf of charitable organizations. In some of those campaigns, the FTC alleges, InfoCision’s telemarketers called consumers and told them at the start of the call that they were not calling to ask for a donation.
According to the FTC, the telemarketers subsequently asked consumers to mail or hand-deliver materials requesting donations to family members, friends, or neighbors. Additionally, in many cases, despite initially saying they were not calling to solicit donations, InfoCision’s telemarketers allegedly asked consumers to donate money, generally in amounts ranging from $10 to $50. Based on this conduct, the FTC’s complaint charges InfoCision with making false or misleading statements to induce consumers to make a charitable contribution, in violation of the Telemarketing Sales Rule.
The proposed order settling the FTC’s charges bars InfoCision, in connection with its telemarketing activities, from making any false or misleading statements designed to induce anyone to pay for goods or services or make a charitable contribution.
The FTC’s proposed order also requires InfoCision, when making outbound telemarketing calls to induce a charitable contribution, to truthfully disclose: 1) the name of the charity on whose behalf it is making the call; 2) that the purpose of the call is to solicit a charitable contribution; and 3) whether the contribution sought is a donation, monetary gift, or anything else of value. The order also bars InfoCision from violating the Telemarketing Sales Rule in the future.
Finally, the order imposes a $250,000 civil penalty against InfoCision and includes standard recordkeeping and monitoring provisions to ensure compliance with its terms.
Consumers: For-Profit Charitable Callers Must Follow the Telemarketing Sales Rule
A recent FTC blog posting advised that “The Do Not Call Registry” is designed to stop unwanted sales calls; however, one exception to the Do Not Call Registry allows for-profit fundraisers to call individuals on behalf of charities even if one’s telephone number is listed on the Do Not Call Registry. When these charitable fundraisers call someone, however, they must still follow the Telemarketing Sales Rule.
Examples of Telemarketing Sales Rule requirements that charitable, for-profit fundraisers must follow:
- Fundraisers can’t call before 8 a.m. or after 9 p.m.
- Fundraisers must promptly state the charity they’re calling for and state that the purpose of the call is to seek a donation.
- Fundraisers can’t make a false or misleading statement to persuade one to donate.
- Fundraisers cannot misrepresent information during the call, such as the fundraiser’s connection to the charity; the mission or purpose of the charity; whether a donation is tax deductible; or how a donation will be used or how much of the donation actually goes to charity programs.
- Fundraisers cannot use a robocall or prerecorded message to reach an individual unless the individual has supported the charity in the past.
- Fundraisers also cannot call a person again if the person tells them that he/she does not want any more calls from that charity.
Source: FTC.gov, consumer.ftc.gov, ecfr.gov.
Have You Received Unsolicited or Unwanted Telemarketing Calls, Autodial Calls, Robocalls or Text Messages?
If you have received unwanted, unsolicited or harassing telemarketing calls, autodial calls, robocalls or text messages and would like to speak privately with an attorney to learn more about your potential legal rights, please complete the form to the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected]; John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected]; or send an e-mail to [email protected].
Jan 11, 2018 | Consumer Protection, Employment & Technology Archive
ACMA: Vodafone Breaches Verification Rules Before Activating Prepaid Mobile Services
Kehoe Law Firm is investigating claims on behalf Vodafone Group plc investors (NASDAQ:VOD) to determine whether Vodafone and certain of its officers or directors have engaged in securities fraud or other unlawful business practices.
On January 10, 2018, post-market, the Australian Communications and Media Authority (“ACMA)” announced that “Vodafone Network Pty Limited will significantly improve its processes for verifying the identity of prepaid mobile customers under an enforceable undertaking accepted by the Australian Communications and Media Authority,” subsequent to an investigation by the ACMA which disclosed that Vodafone “failed to verify the identity of at least 1,028 customers before activating their prepaid mobile services.” According to the ACMA media release, “[t]he breaches occurred between 6 January 2015 and 6 January 2016. They resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred.”
The ACMA’s Final Investigation Report stated:
After completing its investigation, the ACMA finds that Vodafone Hutchison Australia Pty Limited [VHA] . . . has contravened section 2.3 of the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2013 (the Prepaid Determination) on at least 1,028 occasions. As a consequence of these contraventions, the ACMA also finds that VHA contravened subsection 101(1) of the Telecommunications Act 1997 (the Act) on at least 1,028 occasions as it did not comply with the service provider rules that apply to it, namely the rules set out in the Prepaid Determination in force under section 99 of the Act. [Emphasis added]
Further, the ACMA report stated that “[i]n February 2016 the ACMA became aware of an option on VHA’s website which allowed customers of its prepaid mobile carriage services to select that their identity had been verified in a store and then proceed to activate their service through use of the website,” and “[t]he ACMA was concerned that the ID-checked in store option appeared to allow customers to activate their prepaid mobile carriage service using the website without VHA necessarily having checked the customer’s identity at the time of sale . . . of the service or at the time of activation as required by the Prepaid Determination.” [Emphasis added]
The ACMA’s Final Investigation Report referred to “ID-checked in store option” as the option which allowed VHA customers to self-select on VHA’s website that their identity had been verified in store followed by activation of their prepaid mobile carriage service.
On this news, Vodafone’s American Depositary Receipt price fell sharply during intraday trading on January 11, 2018.
Vodafone ADR Investors
If you have questions or concerns about Kehoe Law Firm’s investigation, please contact John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected], complete the form above on the right or e-mail [email protected].
Jan 8, 2018 | Consumer Protection, Employment & Technology Archive
Germed Inc. & Germed Ltd. – Junk Fax Protection Act Class Action Filed
On January 4, 2018, a junk fax class action was filed in United States District Court, Northern District of Illinois, by Plaintiff Shaun Fauley against Defendants Germed Inc. and Germed Ltd (“Germed”) challenging Germed’s practice of sending unsolicited advertisements by facsimile in violation of the Junk Fax Protection Act of 2005.**
Germed Junk Fax Class Action – The Germed Junk Fax Class & Relief Sought
The junk fax class action lawsuit was brought on behalf of all persons who within the past four years prior to the filing of the class action were sent telephone fax messages advertising the commercial availability or quality of any property, goods, or services by or on behalf of Germed, from whom Germed did not obtain “prior express invitation or permission” to send advertisements by fax, or with whom Germed did not have an established business relationship, or where the faxed advertisements did not include an opt-out notice in compliance with 47 C.F.R. § 64.1200(a)(4)(iii).
The Germed junk fax class action lawsuit seeks injunctive relief enjoining Germed from sending unsolicited advertisements in violation of the JFPA, in addition to statutory damages of $500 for each violation of the JFPA and treble, or triple, damages.
Germed Junk Faxes – No Prior “Express Invitation or Permission” or Established Business Relationship
According to the Germed junk fax class action complaint, Germed faxed to Plaintiff and multiple other recipients the same and other unsolicited faxes with opt-out language identical or substantially similar to the opt-out language in this Germed complaint fax advertisement exhibit or sent the same and other advertisements by fax with the required opt-out language, but without first receiving the recipients’ express invitation or permission or without having an established business relationship.
Germed Junk Fax Class Action – Damages Suffered by Plaintiff and Other Class Members
The Plaintiff and other class members, according to the Germed junk fax class action complaint, suffered damages through the loss of paper and toner consumed when printing Germed’s facsimiles. Germed’s faxes used Plaintiff’s and other class members’ telephone lines and fax machines, resulting in a waste of time receiving, reviewing and routing Germed’s unauthorized faxes. The unauthorized facsimiles impacted time otherwise spent on the Plaintiff’s and the other class members’ business activities. Additionally, the Germed junk fax class action complaint alleges that Germed’s faxes unlawfully interrupted the Plaintiff’s and other class members’ privacy interests in being left alone.
**Fauley v. Germed Inc., et al (1:18-cv-00065, N.D. Ill.)
Consumer Information: Fax Advertising
The FCC’s Fax Advertising Policy states:
The Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, restricts the use of the facsimile machine to deliver unsolicited advertisements. Specifically, the TCPA prohibits the use of “any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine.” The TCPA applies only to those facsimile messages that constitute “unsolicited advertisements.” [T]he statutory prohibition applies to such advertisements [s]ent both to residential and business facsimile numbers.
In 2005, the Junk Fax Prevention Act amended the TCPA to permit the sending of unsolicited facsimile advertisements to individuals and businesses with which the sender has an established business relationship . . . and to provide a process by which any sender must cease sending such advertisements upon the request of the recipient. On April 5, 2006, the [FCC] adopted rules to implement the Junk Fax Prevention Act. Among other things, 47 C.F.R. § 64.1200 requires the sender of fax advertisements to provide notice and contact information on the fax that allows recipients to opt out of future fax transmissions from the sender and requires senders to honor opt out requests within the shortest reasonable period of time, not to exceed 30 days.
Consumer Information: Junk Fax FAQ’s
The FCC’s Junk Fax FAQ page states:
Unsolicited advertisements sent to your fax machine are sometimes called “junk faxes.” In most cases, FCC rules under the Telephone Consumer Protection Act and Junk Fax Prevention Act prohibit sending junk faxes.
Can companies send advertisements to my fax machine?
Businesses may send a fax advertisement to you if you gave them permission.
In all other instances, there must be both an established business relationship between you and the fax sender (based on an inquiry, application, purchase or transaction) and the sender must have obtained your fax number in one of the following ways:
Directly from you within the context of the established business relationship – for example, as part of an application, contact information form or membership renewal form.
From a directory, advertisement or website to which you voluntarily agreed to make the number available for public distribution, and the sender has taken reasonable steps to verify that you consented to have the number listed.
From your own directory, advertisement or website, unless you have noted on such materials that you do not accept unsolicited fax advertisements.
Fax advertisements sent as part of an established business relationship must include a notice informing you of your right to avoid future faxes and instructions for making an opt-out request.
A fax sender may not send fax ads based on obtaining your fax number in the ways described above without also having an established business relationship with you.
How do I opt out from receiving faxes?
If the fax you received includes a notice about opting out of future faxes, follow those instructions. The opt-out information must include a cost-free way to submit the opt-out request to the sender, such as a toll-free number, local phone number, web site address, or email address. These opt-out contact options must be available 24 hours a day, seven days a week.
When you send an opt-out request, be sure to identify the telephone number of your fax machine.
Senders must honor opt-out requests within the shortest reasonable time, not to exceed 30 days.
Putting an opt-out notice on a fax ad does not, by itself, make the fax lawful if the sender doesn’t also satisfy the requirements described above.
Have You Received Junk Faxes or Unsolicited Telemarketing Calls, Autodialer Calls, Robocalls or Text Messages?
If you have received junk faxes, unsolicited telemarketing calls, autodialer calls, robocalls or text messages and have questions about your potential legal rights, including whether to consider filing a lawsuit to try and recover monetary damages from Telephone Consumer Protection Act or Junk Fax Protection Act violations, please contact Kehoe Law Firm, P.C. by completing the form above on the right or sending an e-mail to [email protected].
Kehoe Law Firm, P.C.
Jan 6, 2018 | Consumer Protection, Employment & Technology Archive
Superior Court Action Filed By Urban Outfitters Department Manager Alleges Overtime Violations
On December 7, 2017, an overtime pay lawsuit was filed in the Superior Court of California, Los Angeles County, by Plaintiff Adam Friedlander against Pennsylvania-based Urban Outfitters, Inc.
The Plaintiff, an Urban Outfitters Department Manager from approximately July 2011 through approximately January 2014, alleged that Urban Outfitters wrongfully classified him as exempt from overtime protections under federal and California law and did not pay him for regularly worked overtime.
In the Superior Court action, the Plaintiff brought federal wage claims under the Fair Labor Standards Act (“FLSA”) and state claims California Labor Code, Cal. Lab. Code §§ 201-203, 226, 510, 1194, 1198, California Wage Order 7, and Unfair Competition Law, Cal. Bus. & Prof. Code § 17200 et seq.
Unpaid Overtime Sought by Urban Outfitters Department Manager
The Department Manager alleged FLSA and state law violations and, among other things, is attempting to recover unpaid overtime and liquidated damages for hours worked beyond 40 hours per workweek at a pay rate of not less than one and one-half times the regular rate of pay and liquidated damages under the FLSA. Under California law, the Plaintiff is trying to recover unpaid wages for all hours worked in excess of eight in a workday at a rate of one and one-half times the regular rate of pay and unpaid damages for all hours worked in excess of 12 in a workday at a rate of double the regular rate of pay.
Urban Outfitters Department Manager – Misclassified as Exempt & Not Paid Overtime
According to the state complaint, Plaintiff, in his capacity as an Urban Outfitters Department Manager, regularly performed his primary work duties, which included cleaning the store, folding clothes, building displays, and unloading freight. The Urban Outfitters Department Manager, who was supervised by an Urban Outfitters Store Manager while performing his job duties, worked more than 40 hours per week and/or more than eight hours per day without being paid overtime.
According to the complaint:
[Urban Outfitters] acted willfully and/or with reckless disregard of the law in classifying Plaintiff as exempt from overtime requirements. [Emphasis added]
Upon information and belief, [Urban Outfitters] did not analyze Plaintiff’s specific job duties when it determined that he was ineligible for overtime. [Emphasis added]
Upon information and belief, [Urban Outfitters’] unlawful conduct was and is pursuant to its policy of attempting to minimize labor costs by classifying non-exempt workers as exempt while requiring them to perform non-exempt work. [Urban Outfitters] established labor budgets to cover labor costs for the stores in which Plaintiff worked. The wages for [Urban Outfitters’] store-level employees, including Plaintiff, were deducted from the labor budgets. However, [Urban Outfitters] did not provide sufficient money for the labor budgets, causing Plaintiff, who was not paid overtime, to work additional hours without compensation so that [Urban Outfitters] could avoid paying additional wages to its hourly (non-exempt) store-level employees. [Urban Outfitters] did not consider the impact of its insufficient labor budget on Plaintiff’s job duties, including whether staying within the budget required Plaintiff to perform manual labor and non-exempt duties. [Emphasis added]
Throughout Plaintiff’s employment, [Urban Outfitters] failed to maintain accurate and sufficient time records for Plaintiff. [Urban Outfitters] had a policy and/or practice that did not allow Plaintiff to record all hours worked.
Urban Outfitters Files Notice of Removal to Federal Court
On January 3, 2018, Defendant Urban Outfitters, Inc. filed a Notice of Removal in United States District Court, Central District of California, to remove the aforementioned Superior Court action to federal court based on federal question jurisdiction and other legal reasons.
Image: “Urban Outfitters in Pasadena, CA,” Minnaert (Own Work), CC BY 3.0
Urban Outfitters Department Managers
If you served as a Department Manager for Urban Outfitters and have questions or concerns about your potential legal rights or claims, please contact Michael K. Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form above on the right or e-mail [email protected].
Jan 4, 2018 | Consumer Protection, Employment & Technology Archive
Intel Chip Processors – Design Flaw Could Cause Intel Processor Chips to Be Vulnerable to Hackers
Kehoe Law Firm’s securities investigation concerns whether Intel Corporation and certain Intel Corporation officers violated federal securities laws.
On January 2, 2018, news media reported that a significant design flaw in Intel’s processor chips could allow malicious software to read protected areas of a device’s kernel memory, causing Intel’s processor chips to be “vulnerable to hackers” and “raises concerns about the company’s main products and brand.”
On the news of the Intel processor chip design flaw, shares of INTC fell $1.85, or 3.94%, to close at $45.00 on January 3, 2018, thereby injuring INTC investors.
Fundamental Intel Processor Chip Design Flaw Reported
On January 2, 2018, The Register reported (“Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign”) that [a] fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. [Emphasis added]
The Register also reported that “[c]rucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.” [Emphasis added]
Impact of The Processor Chip Design Vulnerability
The Register described the impact of Intel processor bug as follows:
It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.
. . .
Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes’ virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel’s code and data remains out of sight but present in the process’s page tables.
. . .
The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.
Your Intel-powered machine will run slower as a result.
Intel Chip Processors – The Security Vulnerability & Hackers
According to The Register, the Intel chip processor “vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.” The Register described the security hole as follows:
At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.
On January 3, 2018, Reuters reported (“Security flaws put virtually all phones, computers at risk”) that
[s]ecurity researchers . . . disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings. [Emphasis added]
One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.
Researchers with Alphabet Inc’s Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.
The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.
. . .
Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters. [Emphasis added]
Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said.
Intel Chip Vulnerabilities & Intel’s Acknowledgement of the Problem
On January 4, 2018, NPR reported (“Intel Acknowledges Chip-Level Security Vulnerability in Processors”) that
[s]ecurity researchers have found serious vulnerabilities in chips made by Intel and other companies that if exploited could leave passwords and other sensitive data exposed.
“Several researchers, including a member of Google’s Project Zero team, found that a design technique used in chips from Intel, Arm and others could allow hackers to access data from the memory on your device. The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications,” according to CNET.
The discovery comes shortly after the chipmaker said it was working on a patch.
In a statement released Wednesday, Intel acknowledged the problem, saying that it is “working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits.”
Wired explains that the bug “… allows low-privilege processes to access memory in the computer’s kernel, the machine’s most privileged inner sanctum. Theoretical attacks that exploit that bug, based on quirks in shortcuts Intel has implemented for faster processing, could allow malicious software to spy deeply into other processes and data on the target computer or smartphone.”
Other Comments About the Intel CPU Bug Issue
Additional information about the CPU issue can be found in The Register’s “translation of Intel’s attempt to spin its way out of the CPU security bug” article here and Gamer Meld’s YouTube video, “Intel Responds To “Bug” In Their CPU Architecture!.”
Image: Pixabay, OpenClipart-Vectors, CC0 1.0 Universal
Intel Corporation Investors
If you purchased Intel securities or would like to learn more about the securities investigation or potential legal claims, please contact John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected], complete the form above on the right or e-mail [email protected].
