Menu
Intel left cyber officials in the dark about chip flaws

Intel left cyber officials in the dark about chip flaws

Alphabet said that security researchers informed chipmakers of the problems in June

Intel did not inform US cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Google parent, Alphabet, notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on 22 February.

Current and former US government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with US authorities as hackers had not exploited the vulnerabilities.

Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until 3 January, after reports on them in online technology site The Register had begun to circulate.

US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.

Details of when the chip flaws were disclosed were outlined in letters sent by Intel, Alphabet and Apple on Thursday in response to questions from Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee. The letters were seen by Reuters.

Alphabet said that security researchers at its Google Project Zero informed chipmakers Intel, Advanced Micro Devices Inc and SoftBank Group Corp-owned ARM Holdings of the problems in June.

It gave the chipmakers 90 days to fix the issues before public disclosing them, standard practice in the cyber security industry intended to give the targets of bugs time to fix them before hackers can take advantage of the flaws.

Alphabet said it left the decision of whether to inform government officials of the security flaws up to the chipmakers, which is its standard practice.

Intel said it did not inform government officials because there was "no indication that any of these vulnerabilities had been exploited by malicious actors," according to its letter.

Intel also said it did not perform an analysis of whether the flaws might harm critical infrastructure because it did not think it could affect industrial control systems. But Intel said that it did inform other technology companies that use its chips of the issue, according to its letter.

Intel, Alphabet and Apple could not immediately be reached for comment.

AMD, ARM, Microsoft Corp and Amazon.com also responded to questions from lawmakers.

Microsoft said that it did inform several antivirus software makers about the flaws "several weeks" ahead of their public disclosure to give them time to avoid compatibility issues. AMD said that Alphabet extended the disclosure deadline from the standard 90 days twice, first to 3 January, then to 9 January.

(Reporting by Stephen Nellis in San Francisco; Additional reporting by David Shepardson and Dustin Volz in Washington; Editing by Bill Rigby)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Googleintelmeltdownspectre

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments