Intel Hid ‘Spectre’ and ‘Meltdown’ Security Holes From the Government
Intel has not exactly been forthcoming with information on the security flaws in its CPU chips, spending more time focusing on spin than explaining the issue to the general public. Then they had to withdraw the patch they released to fix the problem, as the patch turned out not to work.
Now it turns out they blindsided the US government too:
Intel Corp did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday.
Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities.
Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.
US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.
Details of when the chip flaws were disclosed were detailed in letters sent by Intel, Alphabet and Apple Inc on Thursday in response to questions from Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee. The letters were seen by Reuters.