Intel facing multiple lawsuits over Meltdown and Spectre flaws

19 Feb 2018

Intel processor label on laptop. Image: charnsitr/Shutterstock

Intel reveals it is facing 32 lawsuits in new document filings.

The Meltdown and Spectre processor flaws have caused havoc for many, with people forced to install security updates to protect against the vulnerabilities, which, in some cases, caused computer performance to suffer.

Intel facing a barrage of lawsuits

A growing group of customers is unsatisfied with the response from Intel following the revelations, and a recent SEC filing from the company noted that as of 15 February, 30 customer class-action lawsuits and two securities lawsuits have been filed.

The class-action lawsuits are “seeking monetary damages and equitable relief” and the securities lawsuits “allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities”.

Three Intel shareholders have each filed shareholder derivative actions against it, alleging that certain officers and board members have failed “to take action in relation to alleged insider trading”.

Allegations of insider trading

The insider trading allegations stem from Intel CEO Brian Krzanich selling all of the Intel stock he was permitted to after the company learned of the major security flaws.

A spokesperson told CBS MarketWatch that the trades were not related to the discovery of the flaw, but Krzanich scheduled the sales on 30 October, several months after researchers let Intel know about the issues.

Intel has been criticised by the public for its response to the security flaws, with many saying more transparency from the firm in the early stages of the disclosure would not have gone amiss.

The company is expanding its bug bounty programme in order to locate and fix major security issues before they become a bigger problem. The programme was previously invitation-only, but is now open to all security researchers. Bounty awards have also been raised across the board, with bug disclosure awards at the maximum varying between $100,000 and $250,000.

The lawsuits are all at their early stages, so it is difficult to discern at this point just how much the chipmaker could stand to lose should the rulings side with those taking legal action.

The Meltdown and Spectre flaws were present in CPUs dating back to 1995 and Intel was informed of the flaws in June 2017. At present, researchers are still discovering new ways to exploit both flaws.

A team from Nvidia and Princeton University recently found a way to pit two CPU cores against each other to dupe multi-core systems, getting access to their cached data.

Intel processor label on laptop. Image: charnsitr/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com