Intel Didn't Tell U.S. Government About Meltdown and Spectre Until Vulnerabilities Went Public

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Feb 22, 2018.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Intel failed to inform U.S. cyber security officials about the Meltdown and Spectre chip flaws ahead of when they leaked to the public even though Intel had advanced knowledge of the vulnerabilities, several tech companies said in letters sent out to lawmakers on Thursday.

    According to Reuters, Apple and Google parent company Alphabet sent letters to Representative Greg Walden, who chairs the House Energy and Commerce Committee. Walden had previously questioned the tech companies about when the chip flaws were disclosed to Intel.


    Alphabet said its Google Project Zero team informed Intel, AMD, and ARM about the chip vulnerabilities in in June and provided the three companies with 90 days to fix the problems before disclosing them.

    Intel did not tell the U.S. Computer Emergency Readiness Team, aka US-CERT about the Meltdown and Spectre flaws until January 3, however, well after media reports went live. According to Intel, it did not disclose the vulnerabilities ahead of time because hackers had not exploited them.
    At the time the flaws were discovered, Intel also did not do an analysis on whether the flaws could impact critical infrastructure because it did not believe industrial control systems could be impacted, but it did inform the technology companies that use its products.

    News of Meltdown and Spectre, two chip flaws that impact all modern processors, first began circulating in early January. Meltdown and Spectre take advantage of the speculative execution mechanism of a CPU, and because they are hardware-based flaws, operating system manufacturers have been forced to implement software workarounds.

    Apple first addressed Meltdown and Spectre in iOS 11.2, macOS 10.13.2, and tvOS 11.2 and has since mitigated both vulnerabilities with little to no impact on device performance.

    In addition to questioning by the U.S. government over its failure to share information on the security flaws, Intel is also facing at least 32 Meltdown and Spectre lawsuits

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Intel Didn't Tell U.S. Government About Meltdown and Spectre Until Vulnerabilities Went Public
  2. CerebralX macrumors 6502


    Jun 28, 2013
    Looking for a place of freedom and rationality
    Good. The government are worse than the average person dealing with these sorts of things.
  3. aaronhead14 macrumors 6502a


    Mar 9, 2009
    And why would Intel tell them? It's not the government's right to know about stuff like this right away, nor should it be.
  4. Scottsoapbox macrumors 6502a


    Oct 10, 2014
    Of course they didn't. They wanted it to not leak early.
  5. BasicGreatGuy Contributor


    Sep 21, 2012
    In the middle of several books.
    But the government is our friend. In fact, the government is our new parental units. The government knows best. That is why it needs to know everything when it happens. :cool:
  6. OldSchoolMacGuy Suspended


    Jul 10, 2008
    I don't see why they'd need to. Government would just have slowed the release of such info so they'd have more time to make use of it for their own uses before news broke.
  7. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    I know everyone likes to bash the US Gov, but the question on my mind is who did they decide to disclose to vs who didn't they disclose to? Did they disclose to other governments, but exclude the US Government? If so, that would have put other governments at a spy competitive advantage towards exploiting the weaknesses and gaining intelligence on US and other government assets. If they only told other companies, how were those companies selected for disclosure?
  8. coolfactor macrumors 601

    Jul 29, 2002
    Vancouver, BC CANADA
    I'm pleasantly surprised (glad) to read the responses here.

    Except this one. Why would you think they would tell other governments, but not the US government? My understanding is there was zero disclosure to anyone until it was made public.
  9. jdillings macrumors 68000

    Jun 21, 2015
    Intel may not have told the government until after they went public but I'm sure the NSA was already well aware of the vulnerabilities.
  10. AgentAnonymous macrumors regular


    May 6, 2016
    Not that it would have made a difference, given how anti-technology the Trump administration circus is.

    That said, Intel deserves to pay for this. They are lying through their teeth. The only reason they kept it a secret is because they didn't want to hurt their brand and subsequently their wallets. They put greed above our personal security, and also above the country's national security.
  11. fairuz, Feb 22, 2018
    Last edited: Feb 22, 2018

    fairuz macrumors 68020


    Aug 27, 2017
    Silicon Valley
    Yeah, cause the government are idiots when it comes to computers, and they would immediately leak it. And I doubt they're gonna patch the vulnerabilities in their own systems any time soon. A lot of these agencies still run WinXP or just migrated to 7, and they're exactly the people who are so afraid of scriptkiddie tools like Metasploit becoming easier to use.

    Sure, I'd like to see them exploit it to hack Russian, Iranian, and Chinese servers. But I don't think they're competent enough to exploit it in time either.
  12. farkingdom macrumors member

    Mar 20, 2012
    They kept it a secret so that hackers will not start exploiting it until it’s properly patched.
    But unfortunately it was leaked out earlier in a week before they would make the official announcement on this bug.
    And why put only Intel at fault here when most of the processor (AMD and ARM) are all affected?
    And where is your fact of them lying through their teeth and them being greedy? Intel hasn’t lied in anyway nor do I see them being greedy.
  13. fairuz macrumors 68020


    Aug 27, 2017
    Silicon Valley
    CEO sold a ton of his shares while it was still secret.
  14. NoNothing macrumors 6502

    Aug 9, 2003
    I can’t agree with a single word in your comment.

    This was only a flaw AFTER someone figured out how to exploit it. Both Meltdown and Spectre are amazingly simple, but sophisticated, attacks. Simple in it only takes a few lines of assembly. Sophisticated in it took people with a deep understanding to figure out the exploit. There is a reason it took decades to be figured out.

    Once found, mitigation has to be planned. This is not a simple software fix, however, and impacts years of chip designs from multiple companies and architectures. First you have to see if the micro-code can be patched and if not you need to figure out how to patch the OS’s using your chip. There are teams and lines of communication setup to discuss these issues. The players then say “we need x days/weeks/months to design, implement and test a fix”

  15. Wags, Feb 22, 2018
    Last edited: Feb 23, 2018

    Wags macrumors 65816

    Mar 5, 2006
    Nebraska, USA
    Not greedy? Like the barrage of stock option sales before news went public
  16. Phonephreak macrumors 6502a


    Aug 24, 2017
    Here and there
    Kinda like Apple needs to pay for lying to the public about their “power management”. Of course don’t forget about telling customers that their battery’s were good.
  17. naujoks macrumors 6502


    Jul 6, 2008
    London, UK
  18. Macaholic868 macrumors 6502


    Feb 2, 2017
    It’s long since time we passed laws that put the people behind bars who pull this crap instead of invoking corporate personhood and making the corporation plead guilty to some crime that results in paying a fine so puny the C level executive laugh while they cash their million dollar bonus checks.
  19. NT1440 macrumors G5


    May 18, 2008
    So in a country in absolute hysterics over “hacking” the overall sentiment in the thread is that the US government shouldn’t have been informed.

    My thoughts on the surveillance state aside I’ll dangle the low hanging fruit:

    What if no disclosure gave the big scary Russians the ability to hack into our intelligence apparatus....seeing as most of it runs on hardware effected by these flaws?
  20. AgentAnonymous macrumors regular


    May 6, 2016
    Letting the US national security teams know isn't "disclosing the bug". That's something they would do while the fix (if any) is being worked on.
  21. TheIntruder macrumors 6502a


    Jul 2, 2008
    It's obvious that many don't know what US CERT is, or the function it performs.

    Guess what, people don't have to become injured or die before NHTSA becomes involved either, which is essentially what Intel's reasoning is.
  22. bladerunner2000 macrumors 68020


    Jun 12, 2015
    Knowing Trump and other Republicans are running the Government, I wouldn't tell those psuedo-politicians either.
  23. -BigMac-, Feb 22, 2018
    Last edited: Feb 22, 2018

    -BigMac- macrumors 68000


    Apr 15, 2011
    Melbourne, Australia
    Maybe Intel is called Intel because it’s main purpose through its loopholes is to collect intel for the governments:eek:
  24. ThunderSkunk macrumors 68030


    Dec 31, 2007
    Milwaukee Area
    Eh. The US gov is on autopilot anyway, during the current smash & grab in progress. For all anyone knows they tried to call but had the misfortune of dialing the State Dept, where only the janitor is still on hand to answer the phone.
  25. Naaaaak macrumors 6502

    Mar 26, 2010
    The NSA and other nameless intelligence services probably directed the inclusion of Meltdown and Spectre years ago for their own benefit.

    What other vulnerabilities have they managed to sneak in that no one else knows about yet? Corporate espionage and sabotage via intelligence services is a thing.

Share This Page

43 February 22, 2018