Intel is already in hot water with the U.S. Government for not revealing details of the Meltdown and Spectre processor vulnerabilities. The chip giant could be in further trouble, according to a Wall Street Journal report. It seems the company decided to inform select customers of the flaw, but did not tell the U.S Government.
It’s been less than a month since Meltdown and Spectre was revealed. However, Intel and other tech giants like Google, Apple, and Microsoft, knew about the flaw for months. The company’s decided to keep it embargoed to search for a fix. That decision has been widely criticized and the US Congress has asked the companies to explain themselves.
Now, it has emerged Intel tipped off some key customers to the vulnerability. It seems the U.S. Government was not one of the company’s worthy of the advance information. Instead, Intel chose to tell major customers like Microsoft and Amazon. Foreign companies like Lenovo and Alibaba in China also knew about the flaw.
Meltdown and Spectre are kernel-level vulnerabilities that make most Intel-powered machines open to attack, while also affecting some running AMD and ARM chips. The flaw lies in kernel operations. When a command is issued on a system, the CPU gives system control to the kernel. To maintain efficiency of performance, the kernel stays below the surface of processes even when the CPU resumes control. This is what leaves machines at risk.
Considering the severity of the vulnerability and its potential impact in the wrong hands, Intel’s decision to ignore the U.S. Government is worrying. The report suggests it is wholly possible the Chinese government knew about the vulnerability. Authorities in China keep close tabs on companies, so interactions between Intel and Lenovo were probably known.
This leaves the U.S. Government in an uncomfortable situation. A foreign government may have known about Meltdown and Spectre before U.S. authorities. Alibaba has said no information was shared with the Chinese government.
The Department of Homeland Security confirmed it first knew about the flaw on January 3. That was just days before the global reveal and 7 months after Intel first knew.
Broken Fix
Intel’s argument has been it allowed companies and itself time to come up with a fix. However, the companies recently launched patch for the Spectre vulnerability has caused problems. Users have reported random reboots, promoting Intel to tell customers to avoid the update for now.
In response, Microsoft has issued Windows patches to revert systems back to a pre-Intel-patch state.
