Houston Chronicle

Lawmaker asks top chip makers to confer about security flaws

- By Seung Lee

A California congressma­n wants to meet with the Top 3 microchip makers to better understand the implicatio­ns of two security flaws that affect almost all computing devices in the world.

Rep. Jerry McNerney, D-Stockton, wrote a letter Tuesday to the CEOs of Intel, ARM and AMD to request a briefing. A member of the House Energy and Commerce Committee, McNerney wrote he is concerned about the state of cybersecur­ity in the United States and that the recently discovered Meltdown and Spectre flaws add to his concern.

“The Spectre and Meltdown vulnerabil­ities are glaring warning signs that we must take cybersecur­ity more seriously,” McNerny wrote. “In recent years, we witnessed the largest global ransomware attack in history and the largest distribute­d-denialof-service attack of its kind in history. The warning signs keep piling on, yet cybersecur­ity practices continue to lag far behind.”

The flaws were discovered earlier this month by a group of cybersecur­ity researcher­s led by Google Project Zero.

The flaws, which are not known to have been used by hackers so far, can allow hackers to steal data from the memory of running apps, including password managers, browsers and emails. How they work

Meltdown and Spectre, however, are different in scale of impact and methodolog­y.

Meltdown, which is found on Intel and ARM chips, allows hackers to bypass the hardware barrier between running applicatio­ns and the computer’s memory, thereby making it possible to enter the latter from the former.

Spectre is found in Intel, ARM and AMD chips and allows hackers to trick applicatio­ns into handing over secret informatio­n. Meltdown is considered the more dangerous in the short term as it is easier to exploit, but Spectre is considered to have a much longer shelf life and may be more disastrous, according to researcher­s.

Meltdown and Spectre’s disclosure­s prompted technology companies such as Apple, Google, Microsoft and Amazon to race around the clock to issue security patches to their products. ‘Troubling ... concerns’

McNerney wrote to the three CEOs — Brian Krzanich of Intel, Simon Segars of ARM and Lisa Su of AMD — that he would like to know the scale of the flaws, the timeframe from when the companies knew of the flaws and what the companies have done to mitigate them.

Krzanich has been under heavy criticism after he reportedly sold nearly 900,000 of his 1.1 millionplu­s company shares in November — after Intel knew of the two flaws.

Krzanich’s sale prompted Sens. John Kennedy, R-La., and Jack Reed, DR.I., to call for an SEC investigat­ion.

“These reports are troubling not only because of the risk to nearly all phones and computers, but also because these reports raise concerns of potential insider trading,” Kennedy and Reed wrote.

?? Andrej Sopkolow / DPA / Zuma Press / TNS ?? Intel CEO Brian Krzanich, speaking at the CES technology fair in Las Vegas last week, faces calls for an SEC investigat­ion after he sold company shares after learning of cybersecur­ity flaws in Intel chips.
Andrej Sopkolow / DPA / Zuma Press / TNS Intel CEO Brian Krzanich, speaking at the CES technology fair in Las Vegas last week, faces calls for an SEC investigat­ion after he sold company shares after learning of cybersecur­ity flaws in Intel chips.

Newspapers in English

Newspapers from United States