Intel reportedly notified a few Chinese firms of the Spectre and Meltdown flaws well before it revealed the flaws to the United States Government, according to a report from The Wall Street Journal. However, the Journal noted that there had not been any report of misuse of the information by the Chinese companies.
How did Chinese firms get hold of the information?
Former National Security Agency employee and current president of Rendition Infosec LLC, Jake Williams, told the WSJ that both the Spectre and Meltdown vulnerabilities would have been an attractive piece of information to any intelligence organization. Williams further stated that it is a “near certainty” that the Chinese Government knew about Spectre and Meltdown before the U.S., considering the Communist Party keeps track of all such communications.
It is possible that the Chinese government intercepted the information when the chip maker was in talks with its Chinese customers over the fix. Intel did not reveal the names of the Chinese firms that it notified about the flaws, but stated that it could not inform everyone in time since Meltdown and Spectre were revealed early. According to the Journal, Alibaba and Lenovo may have been the companies notified early.
Speaking to The Hill, an Intel spokesperson said, “In this case, news of the exploit was reported ahead of the industry coalition’s intended public disclosure date at which point Intel immediately engaged the US government and others.”
The Chinese company Lenovo stated that a non-disclosure agreement prevents it from sharing any information. Alibaba, on the other hand, stated that claims of it sharing the information with the Chinese government are “speculative and baseless.” However, this does not rule out the possibility of officials intercepting the details without Alibaba's knowledge or control, notes Engadget.
Early lead could have made the difference
Even if we rule out the possibility of Chinese authorities misusing the information, the truth remains that if the U.S. government had been involved early, it could have helped with timing the disclosure, giving companies some extra time to come up with a fix.
Although big names like Amazon, Google and Apple came up with a quick solution, everyone else was left clueless about how to fix or mitigate the flaws. The flaws could have compromised the systems of the vendors, who were still running the flawed processors without any heads-up.
Meanwhile, Intel CEO Brian Krzanich has given assurances that the company will soon come up with a permanent fix for the Spectre and Meltdown vulnerabilities.
“While we’ve made progress, I am acutely aware that we have more to do. We’ve committed to being transparent, keeping our customers and owners apprised of our progress and, through our actions, building trust,” Krzanich said during a fourth-quarter earnings call.
Further, the Intel CEO stated that security is the underlying strength of the company's products and is critical for ensuring the success of its data-centric strategy. Krzanich also said that the company is working to incorporate silicon-based changes in future products to directly address the Spectre and Meltdown threats. These products would arrive towards the end of the year.