Tech giants scramble as gigantic vulnerability revealed

By Cameron Abbott and Harry Crawford

In one of the largest cybersecurity scares in history, researchers revealed two CPU vulnerabilities for practically all computers manufactured in the last two decades which could allow hackers to gain access to stored data.

A global team of researchers discovered the two CPU bugs, dubbed Spectre and Meltdown. Both Meltdown and Spectre take advantage of the underlying architecture of CPUs, so is concern whether patches would be able to solve the problem, or whether they might affect CPU performance.

There has been a massive co-ordinated response between chip manufacturers such as Intel and other companies such as Microsoft, Google and Apple to provide patches to plug the vulnerability on phones, computers and other devices (although these are not the only providers that have been affected).

Intel was the target of the researchers’ report, and has been particularly maligned accordingly. Intel allegedly learned about the vulnerabilities months ago. In the days after the news was revealed, Intel’s share price fell by over 2 percent. Three class action lawsuits have already been brought against Intel in the US alleging that the vulnerabilities make Intel chips inherently faulty.

It will be impossible to physically replace all affected chips, which is arguably the most complete fix according to the researchers. Companies should not only to address the immediate security concerns raised by these vulnerabilities by downloading the latest patches, but should also pause to consider their own legal position for any breaches that may occur. Who would have thought that companies would need to address liability within their supply chains to even cover component manufacturers such as Intel? With Spectre and Meltdown, that is no longer an unimaginable situation.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.