This was in The Times on Friday but I haven’t seen any followup yet. One to watch…:
Intel faces at least three class-action lawsuits seeking compensation for flaws in its computer chips that could give hackers access to the confidential data and passwords of billions of people.
Cases filed in California, Oregon and Indiana cite the delay between Intel being notified of the flaws last summer and its disclosure this week, saying the claimants would not have bought devices containing the chips if they had known about the risks.
The claimants also cite the slowdown in processing performance that is alleged to result from software fixes for the vulnerabilities. The Oregon lawsuit demands damages of at least $200 a customer, creating a potential liability of millions. Intel said it was aware of the suits but it would be inappropriate to comment. The company has said ordinary computer users were unlikely to see any significant slowdown. Disclosure of the flaws was delayed so that tech companies could implement fixes without alerting cybercriminals.
The cases, which analysts said may be the first of many, came after Apple confirmed that all Mac computers, iPhones and iPads were affected by the two flaws revealed this week. The Meltdown flaw affects Intel chips, while Spectre affects chips from nearly all manufacturers, including Intel’s rivals AMD and Arm Holdings.
Apple said it had issued software updates to protect against Meltdown and would soon issue an update to its web-browser to reduce Spectre risks. Other companies including Microsoft warned this week that their operating systems were affected and are also issuing emergency updates.
David Emm, of Kaspersky Lab, a security firm, said: “Historically, cybercriminals have focused their attack efforts on devices running Windows, as they’re more commonly used. Apple products have, wrongly, long been considered to be ‘hack-proof’, resulting in people being complacent about cybersecurity protection. This news shows that it’s not only Windows devices that are at risk — and demonstrates that Apple customers, and in fact anyone using any kind of digital device, need to be aware and take additional steps to ensure they’re keeping their devices as protected as possible.”
The backdoor offered to hackers by the Meltdown vulnerability can be closed but only using a workaround that slows down system performance. Intel and Apple insist that this drag will be negligible.
There is no fix-all solution for Spectre, although companies can protect against specific hypothetical attacks. Companies including Microsoft have been issuing updates to operating systems this week to try to offset the risks after news of the vulnerabilities was leaked by The Register, a technology news website. Apple said: “All Mac systems and iOS devices are affected but there are no known exploits impacting customers at this time.”
Am I affected?
Almost certainly. All Apple devices except the Apple Watch are affected, as are nearly all other computers or devices containing a computer chip.
What are the two “flaws”?
The Meltdown exploit affects Intel chips manufactured since 1995 and makes it theoretically straightforward for hackers to access saved passwords and other data. Spectre allows hackers to trick applications into giving up secret information. It affects chips made by Intel and its rivals, including AMD and Arm Holdings.
What can I do to protect myself?
Apple has already issued software updates to protect against Meltdown and will also issue an update to its Safari web browser.
Microsoft and Google have also issued emergency patches for their software.