Intel Did Not Tell US Cyber Officials About Chip Flaws Until Made Public

Intel Corp did not inform U.S. cyber security officials of Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday. From a report: Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities. Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.

First good news from this whole fiasco

[Daneel+Olivaw+R.+]

... else US would have "accidentally" leaked it to hackers and blamed Russia for it.

Re:Ban Intel chips for all US government use

[jpschaaf]

I'm sure Intel dabbles in plenty of government contracts, but processors are a consumer good, not a defense product.

If Intel had to choose between selling on the international consumer market and selling to the US government, I'm pretty sure they'd dump the government in about 5 seconds.

If the US government really wants a secure processor, they should get a secure processor... instead of using the same consumer-grade contraption that I use to surf the web.

Smart

[foxjazz4003]

Smart move for Intel. Would you tell your government where you keep your secrets?

Re:You belive this bullshit?

[Excelcia]

Of course intelligence agencies knew about it. While I'm not a huge fan (or detractor though) of Assange, he made a good case for Google being essentially an arm of the State Department. Why do you think that China has such an issue with Google? The US now warns about Chinese cell phone manufacturers and that their products are possibly unsafe, but this is very much a case of the fire pit calling the kettle black.

The NSA certainly knew of, and have likely been exploiting this for years. The only positive in this is that, unlike the last time, at least time time they didn't let their exploit out in the wild. That little gem, not telling the public about zero day vulnerabilities they failed to disclose, which they subsequently weaponized, then lost control of the code for, cost more billions in ransomeware attacks than any other single source.

Re:Vladimir Pentkovski did it Intel named Pentium

[HiThere]

Ehhh.... if I remember correctly, the possibility of this kind of attack was discussed at around the time speculative execution started to be considered. Unfortunately, I don't remember my source for this, but it was based on non-specialist technical publications that were widely available. (It might have been ComputerWorld or InfoWorld. Something along those lines.)

This isn't a comment about this particular implementation of the attack, but the idea of the attack. Meltdown is the result of thinking the attack was too difficult in principle, so it was safe to ignore the risk. I think Spectre is the result of thinking it was too difficult in practice, so the cost of speculative execution was worth the risk.

So the idea of the attack was out there before the chips were designed, it was just disregarded as impractical. I don't know who Vladimir Pentkovski is (or was), but he was definitely not the sole figure responsible.