Intel Didn't Tell U.S. Government About Meltdown and Spectre Until Vulnerabilities Went Public

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Feb 22, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Intel failed to inform U.S. cyber security officials about the Meltdown and Spectre chip flaws ahead of when they leaked to the public even though Intel had advanced knowledge of the vulnerabilities, several tech companies said in letters sent out to lawmakers on Thursday.

    According to Reuters, Apple and Google parent company Alphabet sent letters to Representative Greg Walden, who chairs the House Energy and Commerce Committee. Walden had previously questioned the tech companies about when the chip flaws were disclosed to Intel.


    Alphabet said its Google Project Zero team informed Intel, AMD, and ARM about the chip vulnerabilities in June and provided the three companies with 90 days to fix the problems before disclosing them.

    Intel did not tell the U.S. Computer Emergency Readiness Team, aka US-CERT, about the Meltdown and Spectre flaws until January 3, however, well after media reports went live. According to Intel, it did not disclose the vulnerabilities ahead of time because hackers had not exploited them.
    At the time the flaws were discovered, Intel also did not do an analysis on whether the flaws could impact critical infrastructure because it did not believe industrial control systems could be impacted, but it did inform the technology companies that use its products.

    News of Meltdown and Spectre, two chip flaws that impact all modern processors, first began circulating in early January. Meltdown and Spectre take advantage of the speculative execution mechanism of a CPU, and because they are hardware-based flaws, operating system manufacturers have been forced to implement software workarounds.

    Apple first addressed Meltdown and Spectre in iOS 11.2, macOS 10.13.2, and tvOS 11.2 and has since mitigated both vulnerabilities with little to no impact on device performance.

    In addition to questioning by the U.S. government over its failure to share information on the security flaws, Intel is also facing at least 32 Meltdown and Spectre lawsuits.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

     
  2. RCS31 macrumors regular

    Joined:
    Jun 28, 2013
    #2
    Good. The government are worse than the average person dealing with these sorts of things.
     
  3. aaronhead14 macrumors 6502a

    aaronhead14

    Joined:
    Mar 9, 2009
    #3
    And why would Intel tell them? It's not the government's right to know about stuff like this right away, nor should it be.
     
  4. Scottsoapbox macrumors 6502

    Scottsoapbox

    Joined:
    Oct 10, 2014
    #4
    Of course they didn't. They wanted it to not leak early.
     
  5. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #5
    But the government is our friend. In fact, the government is our new parental units. The government knows best. That is why it needs to know everything when it happens. :cool:
     
  6. OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #6
    I don't see why they'd need to. Government would just have slowed the release of such info so they'd have more time to make use of it for their own uses before news broke.
     
  7. longofest Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #7
    I know everyone likes to bash the US Gov, but the question on my mind is who did they decide to disclose to vs who didn't they disclose to? Did they disclose to other governments, but exclude the US Government? If so, that would have put other governments at a spy competitive advantage towards exploiting the weaknesses and gaining intelligence on US and other government assets. If they only told other companies, how were those companies selected for disclosure?
     
  8. coolfactor macrumors 68040

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #8
    I'm pleasantly surprised (glad) to read the responses here.

    Except this one. Why would you think they would tell other governments, but not the US government? My understanding is there was zero disclosure to anyone until it was made public.
     
  9. jdillings macrumors 68000

    Joined:
    Jun 21, 2015
    #9
    Intel may not have told the government until after they went public but I'm sure the NSA was already well aware of the vulnerabilities.
     
  10. AgentAnonymous macrumors regular

    AgentAnonymous

    Joined:
    May 6, 2016
    #10
    Not that it would have made a difference, given how anti-technology the Trump administration circus is.

    That said, Intel deserves to pay for this. They are lying through their teeth. The only reason they kept it a secret is because they didn't want to hurt their brand and subsequently their wallets. They put greed above our personal security, and also above the country's national security.
     
  11. fairuz, Feb 22, 2018
    Last edited: Feb 22, 2018

    fairuz macrumors 6502a

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    San Francisco
    #11
    Yeah, cause the government are idiots when it comes to computers, and they would immediately leak it. And I doubt they're gonna patch the vulnerabilities in their own systems any time soon. A lot of these agencies still run WinXP or just migrated to 7, and they're exactly the people who are so afraid of scriptkiddie tools like Metasploit becoming easier to use.

    Sure, I'd like to see them exploit it to hack Russian, Iranian, and Chinese servers. But I don't think they're competent enough to exploit it in time either.
     
  12. farkingdom macrumors member

    Joined:
    Mar 20, 2012
    #12
    They kept it a secret so that hackers will not start exploiting it until it’s properly patched.
    But unfortunately it was leaked out earlier in a week before they would make the official announcement on this bug.
    And why put only Intel at fault here when most of the processors (AMD and ARM) are all affected?
    And where is your fact of them lying through their teeth and them being greedy? Intel hasn’t lied in any way nor do I see them being greedy.
     
  13. fairuz macrumors 6502a

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    San Francisco
    #13
    CEO sold a ton of his shares while it was still secret.
     
  14. NoNothing macrumors 6502

    Joined:
    Aug 9, 2003
    #14
    I can’t agree with a single word in your comment.

    This was only a flaw AFTER someone figured out how to exploit it. Both Meltdown and Spectre are amazingly simple, but sophisticated, attacks. Simple in it only takes a few lines of assembly. Sophisticated in it took people with a deep understanding to figure out the exploit. There is a reason it took decades to be figured out.

    Once found, mitigation has to be planned. This is not a simple software fix, however, and impacts years of chip designs from multiple companies and architectures. First you have to see if the micro-code can be patched and if not you need to figure out how to patch the OS’s using your chip. There are teams and lines of communication set up to discuss these issues. The players then say “we need x days/weeks/months to design, implement and test a fix.”

    UNDER NO CIRCUMSTANCE WOULD YOU DISCLOSE THIS BUG BEFORE MITIGATION IS IN PLACE OR READY.
     
  15. Wags, Feb 22, 2018
    Last edited: Feb 23, 2018

    Wags macrumors 6502

    Joined:
    Mar 5, 2006
    Location:
    Nebraska, USA
    #15
    Not greedy? Like the barrage of stock option sales before news went public.
     
  16. Phonephreak Suspended

    Phonephreak

    Joined:
    Aug 24, 2017
    Location:
    Here and there
    #16
    Kinda like Apple needs to pay for lying to the public about their “power management”. Of course don’t forget about telling customers that their batteries were good.
     
  17. naujoks macrumors 6502

    naujoks

    Joined:
    Jul 6, 2008
    Location:
    London, UK
  18. Macaholic868 macrumors regular

    Macaholic868

    Joined:
    Feb 2, 2017
    #18
    It’s long since time we passed laws that put the people behind bars who pull this crap instead of invoking corporate personhood and making the corporation plead guilty to some crime that results in paying a fine so puny the C-level executives laugh while they cash their million dollar bonus checks.
     
  19. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #19
    So in a country in absolute hysterics over “hacking” the overall sentiment in the thread is that the US government shouldn’t have been informed.

    My thoughts on the surveillance state aside I’ll dangle the low hanging fruit:

    What if no disclosure gave the big scary Russians the ability to hack into our intelligence apparatus....seeing as most of it runs on hardware affected by these flaws?
     
  20. AgentAnonymous macrumors regular

    AgentAnonymous

    Joined:
    May 6, 2016
    #20
    Letting the US national security teams know isn't "disclosing the bug". That's something they would do while the fix (if any) is being worked on.
     
  21. TheIntruder macrumors 6502a

    TheIntruder

    Joined:
    Jul 2, 2008
    #21
    It's obvious that many don't know what US CERT is, or the function it performs.

    Guess what, people don't have to become injured or die before NHTSA becomes involved either, which is essentially what Intel's reasoning is.
     
  22. bladerunner2000 macrumors 68000

    bladerunner2000

    Joined:
    Jun 12, 2015
    #22
    Knowing Trump and other Republicans are running the Government, I wouldn't tell those pseudo-politicians either.
     
  23. -BigMac-, Feb 22, 2018
    Last edited: Feb 22, 2018

    -BigMac- macrumors demi-god

    -BigMac-

    Joined:
    Apr 15, 2011
    Location:
    Melbourne, Australia
    #23
    Maybe Intel is called Intel because its main purpose through its loopholes is to collect intel for the governments :eek:
     
  24. ThunderSkunk macrumors 68030

    ThunderSkunk

    Joined:
    Dec 31, 2007
    Location:
    Colorado & Ontario
    #24
    Eh. The US gov is on autopilot anyway, during the current smash & grab in progress. For all anyone knows they tried to call but had the misfortune of dialing the State Dept, where only the janitor is still on hand to answer the phone.
     
  25. Naaaaak macrumors 6502

    Joined:
    Mar 26, 2010
    #25
    The NSA and other nameless intelligence services probably directed the inclusion of Meltdown and Spectre years ago for their own benefit.

    What other vulnerabilities have they managed to sneak in that no one else knows about yet? Corporate espionage and sabotage via intelligence services is a thing.
     
