McNerney probes computing device security flaws
A California congressman wants to meet with the Top 3 microchip makers to better understand the implications of two security flaws that affect almost all computing devices in the world.
Rep. Jerry McNerney, DStockton, wrote a letter Tuesday to the CEOs of Intel, ARM and AMD to request a briefing. A member of the House Energy and Commerce Committee, McNerney wrote he is concerned about the state of cybersecurity in the United States and that the recently discovered Meltdown and Spectre flaws add to his concern.
“The Spectre and Meltdown vulnerabilities are glaring warning signs that we must take cybersecurity more seriously,” wrote McNerney. “In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history. The warning signs keep piling on, yet cybersecurity practices continue to lag far behind.” The flaws were discovered earlier this month by a group of cybersecurity researchers led by Google Project Zero. The flaws, which are not known to have been used by hackers so far, can allow hackers to steal data from the memory of running apps, including password managers, browsers and emails.
Meltdown and Spectre, however, are different in scale of impact and methodology. Meltdown, which is found on Intel and ARM chips, allows hackers to bypass the hardware barrier between running applications and the computer’s memory, thereby making it possible to enter the latter from the former.