Congressman Looking for Answers About Spectre & Meltdown

A California congressman has written to the CEOs of Intel, AMD and ARM seeking answers about the Spectre and Meltdown vulnerabilities.

Scott Ferguson, Managing Editor, Light Reading

January 18, 2018

3 Min Read

A California congressman is seeking answers to the recently disclosed Spectre and Meltdown vulnerabilities found in many microprocessors, and has written letters to the CEOs of Intel, AMD and ARM.

In his letter, Rep. Jerry McNerney (D-Calif.), who sits on the House Energy and Commerce Committee, asked the CEOs to provide answers about the Spectre and Meltdown flaws and the wide-ranging effects these vulnerabilities could have regarding any number of PCs, servers or other devices, such as smartphones.

McNerry also raised concerns about cybersecurity issues.

"Analysis by security researchers suggests that nefarious actors could use Spectre and Meltdown to access and steal users' personal information, including passwords, online bank accounts, emails, and photos," according to the January 16 letter. "They could also take advantage of these security flaws to access and steal critical documents held by businesses and government agencies. Should the vulnerabilities be exploited, the effects on consumers' privacy and our nation's economy and security would be absolutely devastating."

(Source: MotionStudios via Pixabay)

(Source: MotionStudios via Pixabay)

After the disclosure of Spectre and Meltdown earlier this year, it was Intel Corp. (Nasdaq: INTC) that took the biggest hit since it's the world's largest producer of x86 chips. At CES, CEO Brian Krzanich laid out the company's plans to be more forthcoming with these types of security concerns. (See Security Warning: Intel Inside.)

However, Intel is not the only chip maker susceptible to these two flaws, and in addition to Krzanich, letters were also sent to Lisa Su, the CEO of Advanced Micro Devices Inc. (NYSE: AMD), and Simon Segars, the CEO of ARM Ltd. (Nasdaq: ARMHY; London: ARM), which is owned by Softbank.

In addition to questions about the scope of Spectre and Meltdown, as well as how consumers are affected, McNerry is asking for a timeframe of when the companies knew about the vulnerabilities and when notifications went out, as well as what is being done to fix these issues in future chip designs.

"In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history," McNerry wrote. "The warning signs keep piling on, yet cybersecurity practices continue to lag far behind."

Although these types of vulnerabilities have been known for close to 20 years, Spectre and Meltdown came to wide public attention earlier this month thanks to a paper published by researchers at Graz University of Technology in Austria. (See New Intel Vulnerability Hits Almost Everyone.)

The research found that by manipulating pre-executed commands within the chip, which help make data available faster, hackers can gain access to the content of the kernel memory. The security issue for enterprises is that this flaw can allow a hacker to gain access to encryption keys and other authentication details of whatever system the CPU is running in.

McNerry, who holds a PhD in mathematics, has recently introduced a bill called Securing IoT Act, which would require cybersecurity standards and certifications for wireless devices used in the Internet of Things.

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Read more about:

Security Now

About the Author(s)

Scott Ferguson

Managing Editor, Light Reading

Prior to joining Enterprise Cloud News, he was director of audience development for InformationWeek, where he oversaw the publications' newsletters, editorial content, email and content marketing initiatives. Before that, he served as editor-in-chief of eWEEK, overseeing both the website and the print edition of the magazine. For more than a decade, Scott has covered the IT enterprise industry with a focus on cloud computing, datacenter technologies, virtualization, IoT and microprocessors, as well as PCs and mobile. Before covering tech, he was a staff writer at the Asbury Park Press and the Herald News, both located in New Jersey. Scott has degrees in journalism and history from William Paterson University, and is based in Greater New York.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights