China cybersecurity group seeks review of Intel products for possible breaches
Initiating a review would help safeguard national security and the interests of Chinese consumers, the group said A Chinese cybersecurity group has called for a review of Intel products sold on the mainland, alleging that the US semiconductor giant’s chips pose a threat for “frequent vulnerabilities and high failure rates”.
The Cyber Security Association of China (CSAC) said in a WeChat post on Wednesday that Intel’s central processing units (CPUs) have shown multiple vulnerabilities in the past and that certain chip series from the firm caused video games to crash.
Such product weaknesses may expose users to hacking via a secret back-door system in Intel’s chips, according to the group. It also accused Intel of responding slowly to previous complaints about being breached.
The CSAC recommended a cybersecurity review of Intel’s products sold on the mainland “to effectively safeguard China’s national security and the legitimate rights and interests of Chinese consumers”.
Intel’s China unit said on Thursday it strictly abides by the laws and regulations of the country, and has always prioritised product safety and quality.
“We will maintain communications with the relevant authorities, clarify related concerns, and demonstrate our commitment to product safety and quality,” the company said in a Chinese statement on its WeChat account.
The CSAC’s call for a cybersecurity review threatens to heat up tensions between Beijing and Washington, following US-led initiatives that restricted exports of advanced chips and semiconductor-manufacturing equipment to the mainland.
The controversy involving Intel comes more than a year after Micron Technology, the largest memory chip maker in the US, became the first foreign semiconductor company to be put under such a review by China.
Intel’s CPUs are used as main processors in consumer electronics products such as laptops and data-centre servers in China. Servers based on Intel’s X86 chip architecture accounted for 90 per cent of China’s CPU server market in 2023, with British chip design Arm making up for 10 per cent, according to a recent report by the China Academy of Information and Communications Technology, a government-backed think tank.
China accounted for 27 per cent of Intel’s total revenue of US$54.2 billion in 2023, according to the firm’s annual report published in January.
The CSAC said that Intel benefited not only from the China market, but also the US Chips and Science Act that provides subsidies to boost American semiconductor research, development and production.
In its WeChat post, the CSAC singled out several Intel chip security vulnerabilities, including Downfall, GhostRace and NativeBHI.
Downfall, also known as Gather Data Sampling by Intel, was discovered in 2022, but only made public in 2023. It enabled attackers to steal sensitive data through so-called speculative execution flaws.
According to the CSAC post, it took Intel more than half a year to address the video game-crashing issue in the company’s 13th and 14th generation Core processor series, which drew many user complaints in late 2023. In July this year, Intel attributed the problem to “a microcode algorithm” that resulted in “incorrect voltage requests to the processor”.
Citing hardware security expert Damien Zammit, the CSAC post accused Intel chips of having a secret back-door system that could be used by hackers to launch cyberattacks or access content without a user’s knowledge.
In 2016, Zammit said Intel’s X86 CPU had a secret subsystem called Management Engine (ME) that works as a separate processor core inside a CPU and cannot be disabled, owing to its hidden proprietary codes. Many cybersecurity professionals reckon ME as a potential security risk because there is no official way to disable it.
According to an article by tech media TechRepublic that cited an Intel statement, the ME was in place so that enterprises can manage computers remotely via the Active Management Technology feature.
Shares of Nasdaq-listed Intel fell 3.33 per cent to US$22.66 in pre-market trading on Wednesday.
Founded in 2016 under the supervision of the Cyberspace Administration of China, the CSAC counts as members some of the country’s major tech companies including Alibaba Group Holding, Tencent Holdings, Baidu and Huawei Technologies. Alibaba owns the South China Morning Post.