Intel Didn’t Disclose Spectre, Meltdown to US Government Until News Went Public

Intel Didn’t Disclose Spectre, Meltdown to US Government Until News Went Public

Intel is under fire for failing to disclose Spectre and Meltdown to the US government after it heard about the attacks in June. A month ago, we reported that some governmental agencies like the NSA hadn’t been informed of the exploits. It now appears that no government agency was informed about the exploits, period, until the news went public.

Current and former U.S. government officials said the government was not informed of the flaws before they became public because the flaws potentially held national security implications, Reuters reports. Intel said it did not think the flaws needed to be shared with US authorities, as “hackers had not exploited the vulnerabilities.” This information is drawn from the letters Intel, AMD, and ARM sent to Greg Walden (R-OR), who chairs the House Energy and Commerce Committee.

This is a laughable excuse. First of all, Intel is not automatically in a position to know if exploits have been used or not. White hats monitor these sorts of problems closely, but mass-produced malware isn’t the only kind of exploit that exists in the universe. If an intelligence agency discovered and deployed targeted software packages to capture data from certain individuals, we’d never know about it. Heck, that’s why some of Snowden’s disclosures surprised people. Folks had suspected that some of this activity occurred, but hadn’t put all the pieces together yet.

The second reason this excuse beggars belief is that Intel didn’t apply it consistently. Here’s Reuters again: “Intel said that it did inform other technology companies that use its chips of the issue, according to its letter.” So it was important enough to tell customers, including some Chinese customers, that its CPUs had critical problems, but not important enough to tell the government which actually depends on Intel CPUs to hold top-secret information and data repositories.

Intel Didn’t Disclose Spectre, Meltdown to US Government Until News Went Public

Google first found the flaws as part of Project Zero and informed Intel, AMD, and ARM of their findings. It gave them the standard 90 days to fix the problem, only to extend that deadline to January 3 and then to January 9. This explains, I suspect, why Intel was able to supposedly include hardware mitigations for its upcoming Cannon Lake processors — it had the lead time necessary to do so. Alphabet left it up to the chip company’s themselves as to whether they’d inform the government.

The reason Intel’s decision to withhold this information rankles is because of the incredibly unequal standard it applied to disclosure. If Intel did disclose these flaws to Chinese customers, we can assume the Chinese government likely found out about them, given the degree of data surveillance that country practices.

That’s not a good look for Intel, and the CEO’s decision to sell the maximum allowance of stock he was allowed to sell before the news dropped doesn’t exactly make him look great, either. Given how long it’s taken Intel to develop patches and how fraught development has been, I can understand not admitting the flaw publicly until you have fixes ready to go. That’s common sense. But not informing government agencies under a confidentiality agreement is something altogether different. As a result, some of the customers most likely to be targeted by exploits for Meltdown and Spectre were the last to be notified the problem existed.

Continue reading

Huawei’s Phone Deal With AT&T Reportedly Killed On Account of Politics

The upcoming (and unannounced) deal with AT&T to sell the new Mate 10 series was supposed to be the start of Huawei's push into North America, but the deal has reportedly fallen apart at the last minute after AT&T got cold feet, and some sources point to a political cause.

Nvidia May Be Prepping a New GTX 1050 Ti Max-Q to Counter Intel, AMD

Nvidia is reportedly readying a new version of the GTX 1050 Ti with a Max-Q spin on the silicon. Is it a move against AMD's just-announced Vega Mobile or a shot across the bow of Intel's Vega-equipped CPUs?

ET Deals: Discounted Online Courses from Udemy

If you love to learn, check out the outstanding classes at Udemy. Thousands of online courses are being discounted today, so you can invest in a new skill — even if you're on a budget.

8K Displays Could Be Ready This Year, but Content Could Take Until 2025

8K panels could arrive as soon as this year (at extraordinary prices), but 8K content? That might be seven years away — or even more. This depends, to some extent, and how you define "content."