Chinese Cybersec Org Calls for Investigation on Intel Security Risks

The China Cyberspace Security Association has called for a thorough investigation into Intel's products due to persistent security vulnerabilities and reliability issues, warning of potential risks to network and national security. The association's announcement follows numerous incidents that raise concerns about Intel's handling of security flaws and product defects.

Intel's frequent security issues

Intel CPUs have been plagued by several critical vulnerabilities in the past years, highlighted the Chinese organization.

One notable case is the “Downfall” vulnerability, a side-channel exploit that can leak sensitive data stored in vector registers, such as encryption keys and user information. This flaw, affecting Intel’s 6th to 11th-generation Core, Celeron, and Pentium processors, as well as the 1st to 4th-generation Xeon processors, was first reported by researchers in 2022.

Despite being informed, Intel neither publicly acknowledged the issue nor took immediate corrective action, only addressing it after public disclosure in 2023. A class-action lawsuit was filed against Intel in November 2023 in the U.S. District Court in San Jose by five plaintiffs representing CPU consumers across the nation.

In November 2023, Google researchers identified another critical flaw, dubbed “Reptar,” in Intel CPUs. This vulnerability allows attackers to access sensitive data, including passwords and card numbers, in multi-tenant virtualization environments and can trigger system crashes, potentially causing denial-of-service (DoS) events.

Since the start of 2024, additional vulnerabilities such as GhostRace, NativeBHI, and Indirector have been discovered in Intel CPUs, further underscoring significant security management failures within the company.

Reliability issues

Intel’s handling of product reliability has also come under fire, with users reporting instability in the 13th and 14th-generation Core i9 processors, particularly when running specific games. Visual effects professionals, like Dylan Browne from ModelFarm, have also criticized the high failure rate of Intel-powered computers, with 50% of systems malfunctioning at his studio.

After initially blaming motherboard manufacturers for over-volting issues, Intel eventually admitted in July 2024 that a microcode error caused excessive voltage requests, leading to the instability of some 13th and 14th-generation CPUs.

However, the six-month delay in providing a proper fix has sparked outrage, with many seeing Intel's approach as evasive and dismissive of customer concerns. Legal action is reportedly underway, with law firm Abington Cole + Ellery investigating potential class-action claims on behalf of users affected by these issues.

Concerns about hidden backdoors

Concerns about Intel's IPMI (Intelligent Platform Management Interface) and BMC (Baseboard Management Controller) technologies have also resurfaced. Initially designed for remote server management, these technologies have been linked to severe security vulnerabilities, such as CVE-2019-11181. Furthermore, Intel’s use of outdated software components in some products has further heightened fears of exploitation.

Intel’s Management Engine (ME), a subsystem embedded in nearly all Intel CPUs since 2008, has been described as a potential “backdoor.” Security experts, including Damien Zammit, have criticized ME for allowing remote access to systems and bypassing firewalls and security measures without user consent. In 2017, Russian researchers uncovered a hidden switch in the ME system that may have been linked to the U.S. National Security Agency (NSA), raising concerns over potential surveillance capabilities embedded in Intel hardware.

Geopolitical considerations and recommendation

Intel’s significant presence in the Chinese market adds a layer of complexity to these security concerns. The company derives nearly a quarter of its global $50 billion revenue from China, holding a dominant 77% share of the desktop CPU market and 91% of the x86 server market as of 2022.

However, Intel’s actions, including its compliance with U.S. policies targeting Chinese companies and regions, have caused friction. In particular, its stance on the Xinjiang region and its participation in cutting off supply to Chinese firms like Huawei and ZTE have been viewed as hostile by the Chinese government.

The China Cyberspace Security Association recommends initiating a comprehensive cybersecurity review of Intel products sold in China to safeguard national security and protect consumers' rights. The association warns that Intel's failures in security management and its alignment with U.S. geopolitical strategies pose significant risks to China’s critical infrastructure.