A major security flaw was recently discovered in a number of modern processors which could grant hackers access to users’ data. The flaw could allow hackers access a user’s passwords, encryption keys and other sensitive information which are stored in the protected kernel memory of his or her computer, phone or tablet. The flaws are simply identified by the names Spectre and Meltdown and they affect chips manufactured by Intel and Arm, with affected models going back several decades. Intel is the largest maker of chips for PCs and laptops so the number of systems that could be affected run into millions of units. Intel’s rival AMD believes its chips are safe, saying in a statement, “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time.”
Although the chipmakers have hinted that they have got fixes ready to be installed on affected units, but the timeline of who Intel contacted about the flaws and when they did that might be contentious. Wall Street Journal sources have claimed that Intel initially told a handful of customers about the processor vulnerabilities. The company is reported to have informed Chinese tech companies like Alibaba and Lenovo but did not inform the US government since most of the affected chips might be in the hands of Americans and there are several U.S vendors running systems that are vulnerable to the flaws.
Ordinarily, this shouldn’t be an issue as the tech giant needs to coordinate fixes with its partners but because of the Chinese government policy, it portends danger bearing in mind that the Chinese government routinely monitors conversations like this. Thus it is possible that the Chinese government could have theoretically exploited the holes to intercept data before patches were available. We are not sure anything of such ever happened anyway.
An Intel spokesman wasn’t forthcoming on details of who it informed and even added that the company couldn’t notify everyone (including US officials) in time because Meltdown and Spectre had been revealed early. Lenovo, on its part, allayed fears by disclosing that the information was protected by a non-disclosure agreement. Alibaba also released a response labeling any accusations of sharing info with the Chinese government as “speculative and baseless,” but that doesn’t rule out the possibility of Chinese officials intercepting details without Alibaba’s knowledge. There is no evidence that the Chinese government exploited these flaws but informing the U.S government could have helped coordinate disclosures to ensure that enough companies had fixes in place. Big names like Apple, Amazon, Google, and Microsoft were ready relatively quickly, but others were left racing to fix or mitigate the flaws. If viewed from another perspective, it would be realized that Intel had to limit the number of vendors notified in other to minimize leaks before patches are ready.