Credit Union Files Lawsuit Against Intel over CPU Security Flaws

Aneca Federal Credit Union has filed a lawsuit against Intel over CPU security flaws.

On Jan. 3, 2018, Intel announced its CPUs have contained security flaws for the past 20 years. The credit union claims that in order to increase the speed of its CPUs, Intel had to (allegedly unknowingly) sacrifice security. In 1995 Intel’s CPUs began to perform through a process called “speculative execution,” which was intended to hasten the CPU’s speed by predicting its next set of instructions.

But as consumers recently found out, Intel’s design has been linked to to CPU security flaws. Even though speculative execution undoubtedly increases speed, the process leaves CPUs vulnerable to hackers to steal passwords, encryption keys, photos, emails and any sensitive data, according to this Intel class action lawsuit. These security vulnerabilities have been named Meltdown and Spectre.

Intel allegedly knew of the security defect for at least six months but did not report it until January, the credit union claims.

Nearly 90 percent of the world’s 1.5 billion personal computers are powered by Intel’s CPUs. The CPU security flaws could potentially affect personal computers, laptops, smartphones, tablets and servers made by many companies, including Apple, Asus, Acer, Google, Lenova, Hewlett Packard, Dell, and more.

Aneca’s Problems with CPU Security Flaws

Aneca Federal Credit Union says it bought 15 Dell Optiplex computers in 2015. Each computer includes an Intel Core i5 CPU, which has the reported CPU security flaws. Two years ago, Aneca also purchased three Surface Pro computers and one Surface book computer, all of which allegedly contain the same defective CPU.

Aneca says the company would not have purchased the devices, or at the very least would not have paid the premium price, if they had known of the CPU security flaws.

Since the confirmation of the defect by Intel in January, companies such as Google, Apple, Microsoft, and other tech manufacturers have hurried to release software patches to tackle the CPU security flaws. However, a software patch will only diminish the threats and will not eliminate them.

Because the security flaws exist as a side effect of speeding up the CPUs, software patches that mitigate the threat of these security flaws may slow down the affected device 30 percent or even more.

According to the CPU security flaws lawsuit, “Only a full redesign of Intel’s CPUs can remedy the defect and eliminate the Meltdown and Spectre security vulnerabilities.”

Intel has issued a statement indicating that despite the defect, each CPU “is operating exactly as it is designed” and that “Intel is continuing to investigate architecture and/or microarchitecture changes to combat these types of attacks.”

Aneca claims the devices it bought were equipped with defective parts that were not fit for the purposes needed. Aneca and other members of the proposed Class will need to either purchase new computers that do not contain the defective CPUs or will have to outfit their current computers with patches that will seriously reduce the affected devices’ performance. Neither of these options are ideal for the businesses that depend upon both speed and security from their technology on a daily basis, the credit union claims.

The CPU Security Flaws Lawsuit is Aneca Federal Credit Union v. Intel Corporation, Case no. 3:18-cv-00258 in the U.S. District Court for the District of Oregon, Portland Division.

Join a Free Intel Processor Class Action Lawsuit Investigation

If you or your company were negatively affected by the Intel processor defect, including suffering damages caused by installing the Intel software patch, you may have a legal claim.

Learn More