A new report claims that Intel told a number of its customers about the security flaws in its chips before it notified the U.S government, and some are concerned about the decision to notify Chinese companies.
The new article comes from the Wall Street Journal. Despite no evidence of misuse, security researchers contacted for the report expressed concerns that Chinese companies receiving the info could cause knowledge of the flaws “to fall into the hands of the Chinese government before being publicly divulged.”
Jake Williams, a former NSA employee and president of the security company Rendition Infosec LLC, told the Journal that it was a “near certainty” the Chinese government was aware of conversations between Intel and its partners in China.
It’s obvious that intelligence agencies would have an interest in this information, as the Meltdown and Spectre flaws could allow access to sensitive data.
The flaws were first identified last June, but weren’t known to the public until this month. As a Department of Homeland Security official told the Journal, “We certainly would have liked to have been notified of this.”
There is some reasoning behind the decision to only notify a few companies — it cuts down on possible leaks and allows companies to develop their own fixes before the flaws become more widely known.
Still Dealing With Spectre
But these flaws — Spectre, in particular — haven’t been easy to deal with. A recent Intel patch for Spectre caused more problems than it solved, with the company still working on issuing an update that won’t cause users’ computers to reboot.
In fact, Microsoft has issued a new patch for its computers which specifically disables Intel’s own Spectre patch. This patch from Microsoft should cause computers to stop the rebooting process until Intel issues its own new update — let’s hope the new one works better that the last one. (H/T Engadget)