Intel CEO pledges action in wake of security flaw revelationsBy SEUNG LEE
The Mercury News
January 15. 2018 10:31PM
Since cybersecurity researchers uncovered two massive microprocessor flaws that leave nearly every computing device in the world vulnerable to hackers, Intel has borne the biggest brunt of criticism in both the press and the stock market.
Last Thursday, a week after researchers led by Google unveiled the Meltdown and Spectre bugs, Intel CEO Brian Krzanich penned a short letter online pledging urgency, security and transparency from the company and from the larger industry.
“Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible,” wrote Krzanich.
Meltdown and Spectre are in chips made by Intel — the world’s largest chip maker — and other major suppliers dating as far back as 1995. The flaws allow hackers to steal data from the memory of running apps, including password managers, browsers and emails in different fashions.
Hardware and cloud computing giants such as Apple, Google and Amazon rushed to issue patches to mitigate both bugs — but cybersecurity experts say these are software band-aids to a fixed hardware problem that may never fully be erased.
Krzanich spelled out three facets Intel will work on to mitigate the damage: “customer-first urgency,” “transparent and timely communications” and “ongoing security assurances.” Intel will have updates to patch the bugs for at least 90 percent of Intel CPUs by Jan. 15 and 100 percent by the end of the month, wrote Krzanich.
Krzanich also said Intel will cooperate with other companies in the industry in learning to mitigate the bugs and add academic funding to the issue.
“We encourage our industry partners to continue to support these practices,” wrote Krzanich. “There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.”
Krzanich, who has been Intel’s CEO since 2013, first addressed the Meltdown and Spectre bugs in an on-stage presentation at CES in Las Vegas earlier this month. He said there has been no recorded incident of hackers using either bug to steal user data.
“Security is job number one for Intel and our industry, so the primary focus of our decisions and discussions have been to keep our customer’s data safe,” said Krzanich.
Krzanich sold nearly 900,000 of his 1.1 million company shares in November _ after the company was aware of Spectre and Meltdown. The sale, worth nearly $24 million, prompted two senators to request a SEC and Justice Department investigation into possible insider trading violations.
Intel earlier this month dismissed any notion Krzanich’s sale was tied to the knowledge of the bugs.
“Brian’s sale is unrelated,” said an Intel spokesperson. “It was made pursuant to a pre-arranged stock sale plan with an automated sale schedule. He continues to hold shares in line with corporate guidelines.”