National Consumers League

National Consumers League: Computer chip defects force nearly all consumers to choose between speed and security

October 24, 2019

Media contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242 or Taun Sterling, tauns@nclnet.org, (202) 207-2832

New NCL #DataInsecurity report details threat these flaws pose to consumers—both in terms of the security of their data and the performance of their computers—and how they can protect themselves in the future

Washington, DC—A new report released today by the National Consumers League details how consumers have been impacted by a series of processor exploits announced over the last 22 months that leave nearly every computer and server from the past two decades vulnerable to hacking. With sensitive data at risk, patches have been issued that better secure computers and servers. However, these temporary fixes can result in significant performance problems.

The report, “Data Insecurity: How One of the Worst Computer Defects Ever Sacrificed Security for Speed,” is part of NCL’s #DataInsecurity Project. Timed to coincide with National Cybersecurity Awareness Month, the report is an opportunity to remind consumers about the importance of being safe and secure when online. The report discusses the threat these processor flaws pose to consumers—both in terms of the security of their data and the performance of their computer after the necessary security patches are applied—and how they can protect themselves in the future.

“This paper is a part of NCL’s mission to empower individuals to protect themselves from companies that put their data at risk,” said John Breyault, NCL vice president, public policy, telecommunications and fraud. “The scope and severity of these chip flaws is alarming, undermining both the security and speed of computers. Nearly two years after the flaws first made headlines, it is likely that consumers are still not fully aware of the risks they face if they do not protect themselves.”

The report details seven publicly disclosed exploits, known as “Spectre,” “Meltdown,” “Foreshadow,” “Zombieload,” “RIDL,” “Fallout,” and “SWAPGS,” that take advantage of the flaws found in CPUs manufactured by AMD, ARM, and Intel. While Spectre affects all three major chip manufacturers, all six subsequent exploits largely affect only Intel processors.

The exploits have been discovered on an ongoing basis for nearly two years, with the most recent one found in August 2019. The flaws are a result of a process called speculative execution, a functionality created in the 1990s that allows a processor to predict a user’s next action and perform it in advance, thereby reducing delays and increasing the speed of a computer. Because the flaws are foundational to how a CPU’s hardware is built, each patch is only temporary until the next exploit is discovered. Due to the nature of these flaws, the exploits that take advantage of them may not be traceable.

“Consumers are being forced to choose between the security of their data and the computer speed they were promised,” said Breyault. “We recommend consumers prioritize security, though unfortunately, it comes at a financial and performance cost.” 

The report concludes that the best protection for consumers is to buy a new computer that has a CPU with hardware-level security fixes or is immune from some of the exploits. Unfortunately, the NCL report acknowledges that this may not be practical for many consumers. Therefore, consumers are advised to perform frequent software updates. NCL is also strongly supporting data security bills such as the Consumer Privacy Protection Act of 2017 that would require companies to take preventative steps to defend against cyberattacks and data breaches and to provide consumers with notice and appropriate protection when a data breach occurs.

The full report can be found here.

###

About the National Consumers League

The National Consumers League, founded in 1899, is America's pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.