Intel told Chinese firms of Meltdown flaws before the US government

It raises concerns that China could have exploited the security holes.
Jon Fingas, @jonfingas
January 28, 2018

Thomas Samson/AFP/Getty Images

Intel may have been working with many tech industry players to address the Meltdown and Spectre flaws, but who it contacted and when might have been problematic. Wall Street Journal sources have claimed that Intel initially told a handful of customers about the processor vulnerabilities, including Chinese tech companies like Alibaba and Lenovo, but not the US government. While the chip giant does have to talk to those companies to coordinate fixes, the Chinese government routinely monitors conversations like this -- it could have theoretically exploited the holes to intercept data before patches were available.

An Intel spokesman wouldn't detail who the company had informed, but said that the company couldn't notify everyone (including US officials) in time because Meltdown and Spectre had been revealed early. Lenovo said the information was protected by a non-disclosure agreement. Alibaba has suggested that any accusations of sharing info with the Chinese government were "speculative and baseless," but this doesn't rule out officials intercepting details without Alibaba's knowledge.

There's no immediate evidence to suggest that China has taken advantage of the flaws, but that's not the point -- it's that the US government could have helped coordinate disclosures to ensure that enough companies had fixes in place. Big names like Apple, Amazon, Google and Microsoft were ready relatively quickly, but most everyone else was left racing to fix or mitigate the flaws. That could have led to attacks on vendors that weren't in the early list, but were still running critical systems.

Intel is between a rock and a hard place in situations like this. There's no question that it has to notify partners, but it also has to limit those notifications to minimize leaks before patches are ready. The issue, as you might guess, is that the company didn't appear to have accounted for the cyberwarfare implications of who it notified first.
