Intel’s start to the new year just went from bad to worse. The chipmaker has been hit with multiple class-action lawsuits just days after reports of a critical vulnerability in its processors started to surface.
At least three lawsuits were filed relating to the Meltdown and Spectre bugs that can steal sensitive information from practically all modern computing devices. First reported by the Register, the vulnerability affects millions (if not billions) of laptops, smartphones, and even cloud computing servers.
The lawsuits were filed by plaintiffs in Oregon, Indiana, and California. They each allege Intel failed to fix a design flaw in its CPUs and delayed disclosing the issues to the public until word got out. They also seek compensation for the performance slowdown expected of upcoming patches.
How badly these upcoming fixes will hurt the performance of your electronics is still unclear. Researchers found significant performance declines in some benchmarks; however, other tests showed no discernable change. Intel argues concerns about performance hits have been exaggerated. It says the impact “should not be significant and will be mitigated over time” and that the majority of processors shipped in the last five years have already been updated.
Google agrees. In a blog posted on Thursday, the tech giant says it created a technique called “Retpoline” that protects against the attack with minimal impact on performance. It says, despite “speculation,” patches won’t cause significant slowdowns during most processes. Amazon and Microsoft echoed Google’s comments, claiming their cloud computing customers won’t see reduced speeds. Still, the Google Project Zero researchers who found the bugs say Spectre—unlike Meltdown—is impossible to fix with an over-the-air update. So far, no breaches have been reported.
To proceed with the claims, plaintiffs will need to establish that Intel misled consumers and prove damage resulting from the bugs, like performance slowdowns or cyberattacks.
“The security vulnerability revealed by these reports suggests that this may be one of the largest security flaws ever facing the American public,” said Bill Doyle, a lawyer representing the plaintiffs who filed suit in California. “It is imperative that Intel act swiftly to fix the problem and ensure consumers are fully compensated for all losses suffered as a result of their actions.”
Practically all devices released in the past few decades are susceptible to the bugs, which let attackers see key information stored in the memory of an operating system kernel. That includes computers running macOS, Windows, or Linux, as well as iPhones and Android devices. Manufacturers including Apple, Microsoft, and Google have worked tirelessly to release updates that patch the bugs. This guide explains how you can protect all of your devices.
More lawsuits are expected to arise while Intel attempts to mitigate the damage. We may also see complaints against other chipmakers like AMD and ARM, two competitors Intel claims are also affected by the Spectre flaw.
Intel told the Guardian that it “can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment.”