Intel’s security flaws and backdoors: why China’s call for a cybersecurity review is justified
Oct 28, 2024Intel has found itself under scrutiny yet again, with Chinese officials and cybersecurity experts calling for a thorough review of the company’s products sold in China.
According to a report released by the China Cyber Association, Intel’s products have been repeatedly flagged for serious security vulnerabilities, poor reliability and even hidden backdoors that pose a threat to national security. The call for a cybersecurity review comes as Intel continues to profit significantly from the Chinese market, making nearly a quarter of its $50 billion in annual revenue from China alone, all while Intel takes actions that are perceived as harmful to China.
Let’s break down the accusations against Intel, starting with the repeated security vulnerabilities in its products. Intel’s CPUs have been exposed for various flaws, including the Downfall vulnerability in 2023, which allowed attackers to steal sensitive data from key registers in CPUs ranging from the 6th to 11th generations. Instead of taking prompt action to address these vulnerabilities, Intel reportedly dragged its feet, only taking measures after public exposure. This pattern of ignoring problems persisted with the Reptar vulnerability in 2023, where attackers could access sensitive information like PINs and even deny services to the host. It’s concerning that a company of Intel’s size and reputation would fail to address such glaring security risks until it’s too late. Meanwhile, users in China are understandably concerned about the safety of their information when using Intel products.
The report also highlighted Intel’s history of poor reliability and its disregard for user complaints. One glaring example is the persistent crash issues that plagued Intel’s 13th and 14th generation processors. When users reported these issues in droves, Intel at first deflected responsibility, blaming motherboard manufacturers for setting voltage levels too high. Only after significant backlash did Intel eventually acknowledge the problem, but the damage was already done. This lack of accountability only reinforces the perception that Intel prioritises profits over the safety and satisfaction of its users, particularly those in China.
Even more concerning is the accusation that Intel uses remote management tools under the guise of monitoring user health, but these tools contain vulnerabilities that allow attackers to take control of servers remotely. A high-risk vulnerability exposed in 2019, for instance, left servers around the world vulnerable to being controlled by malicious actors. Intel also allegedly continues to use outdated open source components in its products, failing to provide adequate updates and security patches, which further endangers user security.
One of the most alarming accusations revolves around the hidden backdoors in Intel’s Management Engine (ME), which has been embedded in nearly all Intel CPUs since 2008. Experts have called out Intel’s Active Management Technology (AMT), a feature that allows remote access to users’ systems, for having high-risk vulnerabilities that could allow attackers to bypass authentication and gain complete control over systems. The fact that a suspected NSA set hidden switch was discovered within Intel’s hardware raises even more red flags, suggesting that the NSA has the capability to shut down the ME system, while users around the world remain exposed to its vulnerabilities.
So why does this matter and how does the U.S. come into play here? The “Chips and Science Act” passed by the U.S. government is a critical point of contention. This act, aimed at stifling China’s semiconductor industry, has benefitted Intel immensely. Intel has received billions of dollars in direct subsidies and low-interest loans from the U.S. government, all while Intel continues to expand its presence in China. The irony here is glaring: Intel, a company that owes a significant portion of its revenue to the Chinese market, continues to align itself with U.S. geopolitical goals, actively cutting off supplies to major Chinese tech companies like Huawei and ZTE and enforcing discriminatory policies against Xinjiang. This double standard is apparent, as Intel profits from the Chinese market while simultaneously undermining China’s security interests.
It’s also worth noting the hypocrisy of U.S. actions regarding Huawei. The U.S. banned Huawei, citing accusations that the company had backdoors for the Chinese Communist Party (CPC), accusations that have never been conclusively proven. Huawei even offered its source code for independent review to dispel these accusations, but the U.S. continued to stoke fears of espionage. In contrast, it has been proven that the U.S., through agencies like the NSA, has incorporated backdoors into American products, as seen in the revelations from the Snowden leaks. These backdoors have been used for global surveillance, raising serious concerns about the true motives behind the U.S.’s campaign against Huawei. While no concrete evidence against Huawei has surfaced, the U.S.’s own cybersecurity practices, especially involving backdoors, have been exposed for their actual violations of global trust and security.
China’s call for a cybersecurity review of Intel’s products is not only justified but necessary to protect the country’s critical information infrastructure. The fact that Intel’s products are riddled with vulnerabilities, combined with its willingness to play ball with U.S. government initiatives aimed at suppressing China’s tech industry, makes it clear that a thorough review is essential. China is simply seeking to safeguard its national security and protect consumers from using faulty products that expose them to external threats. Meanwhile, Intel’s actions demonstrate its prioritisation of political alliances over the safety and trust of its global consumer base.
It’s high time that China takes a stand against these cybersecurity threats. A review of Intel’s products is a step in the right direction to ensure that Chinese consumers are protected from the risks posed by Intel’s negligence and questionable practices. At the end of the day, companies like Intel should be held accountable for the security vulnerabilities they create, regardless of their alliances or geopolitical motives.