Intel Didn't Tell U.S. Government About Meltdown and Spectre Until Vulnerabilities Went Public

Intel failed to inform U.S. cyber security officials about the Meltdown and Spectre chip flaws ahead of when they leaked to the public even though Intel had advanced knowledge of the vulnerabilities, several tech companies said in letters sent out to lawmakers on Thursday.

According to Reuters, Apple and Google parent company Alphabet sent letters to Representative Greg Walden, who chairs the House Energy and Commerce Committee. Walden had previously questioned the tech companies about when the chip flaws were disclosed to Intel.


Alphabet said its Google Project Zero team informed Intel, AMD, and ARM about the chip vulnerabilities in in June and provided the three companies with 90 days to fix the problems before disclosing them.

Intel did not tell the U.S. Computer Emergency Readiness Team, aka US-CERT about the Meltdown and Spectre flaws until January 3, however, well after media reports went live. According to Intel, it did not disclose the vulnerabilities ahead of time because hackers had not exploited them.
Intel said it did not inform government officials because there was "no indication that any of these vulnerabilities had been exploited by malicious actors," according to its letter.
At the time the flaws were discovered, Intel also did not do an analysis on whether the flaws could impact critical infrastructure because it did not believe industrial control systems could be impacted, but it did inform the technology companies that use its products.

News of Meltdown and Spectre, two chip flaws that impact all modern processors, first began circulating in early January. Meltdown and Spectre take advantage of the speculative execution mechanism of a CPU, and because they are hardware-based flaws, operating system manufacturers have been forced to implement software workarounds.

Apple first addressed Meltdown and Spectre in iOS 11.2, macOS 10.13.2, and tvOS 11.2 and has since mitigated both vulnerabilities with little to no impact on device performance.

In addition to questioning by the U.S. government over its failure to share information on the security flaws, Intel is also facing at least 32 Meltdown and Spectre lawsuits

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)
Avatar
14 months ago
Good. The government are worse than the average person dealing with these sorts of things.
Rating: 20 Votes
Avatar
14 months ago
And why would Intel tell them? It's not the government's right to know about stuff like this right away, nor should it be.
Rating: 13 Votes
Avatar
14 months ago
Of course they didn't. They wanted it to not leak early.
Rating: 10 Votes
Avatar
14 months ago
Intel may not have told the government until after they went public but I'm sure the NSA was already well aware of the vulnerabilities.
Rating: 10 Votes
Avatar
14 months ago
I don't see why they'd need to. Government would just have slowed the release of such info so they'd have more time to make use of it for their own uses before news broke.
Rating: 8 Votes
Avatar
14 months ago

Knowing Trump and other Republicans are running the Government, I wouldn't tell those psuedo-politicians either.


Its almost like you believe theres some kind of difference between the “sides”
Rating: 7 Votes
Avatar
14 months ago

They kept it a secret so that hackers will not start exploiting it until it’s properly patched.
But unfortunately it was leaked out earlier in a week before they would make the official announcement on this bug.
And why put only Intel at fault here when most of the processor (AMD and ARM) are all affected?
And where is your fact of them lying through their teeth and them being greedy? Intel hasn’t lied in anyway nor do I see them being greedy.

CEO sold a ton of his shares while it was still secret.
Rating: 7 Votes
Avatar
14 months ago
But the government is our friend. In fact, the government is our new parental units. The government knows best. That is why it needs to know everything when it happens. :cool:
Rating: 6 Votes
Avatar
14 months ago
It's more like the other way around. The NSA knew about this long ago but didn't tell Intel.
Rating: 5 Votes
Avatar
14 months ago

Intel may not have told the government until after they went public but I'm sure the NSA was already well aware of the vulnerabilities.


The NSA and other nameless intelligence services probably directed the inclusion of Meltdown and Spectre years ago for their own benefit.

What other vulnerabilities have they managed to sneak in that no one else knows about yet? Corporate espionage and sabotage via intelligence services is a thing.
Rating: 5 Votes
[ Read All Comments ]