IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CA Congressman Wants Answers on Chip Flaws

A California congressman wants to meet with the top three microchip makers to better understand the implications of two security flaws that affect almost all computing devices in the world.

A California congressman wants to meet with the top three microchip makers to better understand the implications of two security flaws that affect almost all computing devices in the world.

Rep. Jerry McNerney, D-Stockton, wrote a letter this week to the CEOs of Intel, ARM and AMD to request a briefing. A member of the House Energy and Commerce Committee, McNerney wrote that he is concerned about the state of cybersecurity in the U.S. and that the recently discovered Meltdown and Spectre flaws add to his concern.

"The Spectre and Meltdown vulnerabilities are glaring warning signs that we must take cybersecurity more seriously," wrote McNerny. "In recent years, we witnessed the largest global ransomware attack in history and the largest distributed-denial-of-service attack of its kind in history. The warning signs keep piling on, yet cybersecurity practices continue to lag far behind."

The flaws were discovered earlier this month by a group of cybersecurity researchers led by Google Project Zero. The flaws, which are not known to have been used by hackers so far, can allow hackers to steal data from the memory of running apps, including password managers, browsers and emails.

Meltdown and Spectre, however, are different in scale of impact and methodology. Meltdown, which is found on Intel and ARM chips, allows hackers to bypass the hardware barrier between running applications and the computer's memory, thereby making it possible to enter the latter from the former.

Spectre is found in Intel, ARM and AMD chips and allows hackers to trick applications into handing over secret information. Meltdown is considered the more dangerous in the short term as it is easier to exploit, but Spectre is considered to have a much longer shelf life and may be more disastrous, according to researchers.

Meltdown and Spectre's disclosures prompted technology companies such as Apple, Google, Microsoft and Amazon to race around the clock to issue security patches to their products.

McNerney wrote to the three CEOs — Brian Krzanich of Intel, Simon Segars of ARM and Lisa Su of AMD — that he would like to know the scale of the flaws, the time frame from when the companies knew of the flaws and what the companies have done to mitigate them.

Krzanich has been under heavy criticism after he reportedly sold nearly 900,000 of his 1.1 million-plus company shares in November — after Intel knew of the two flaws.

Krzanich's sale prompted Sens. John Kennedy, R-Louisiana, and Jack Reed, D-Rhode Island, to call for a Securities and Exchange Commission (SEC) investigation.

"These reports are troubling not only because of the risk to nearly all phones and computers, but also because these reports raise concerns of potential insider trading," wrote Kennedy and Reed.

(c) 2018 The Mercury News (San Jose, Calif.). Distributed by Tribune Content Agency, LLC.