Chinese firms knew about Spectre and Meltdown before the US government

null

Intel alerted Chinese companies to the Spectre / Meltdown vulnerabilities before notifying the US government, reports have claimed.

According to The Wall Street Journal, Intel notified both Alibaba and Lenovo group about the flaws before it told government watchdogs, heightening fears around possible Chinese spying on the US.

Alibaba said nothing about Intel’s notification, but did say that claims of the Chinese government obtaining the information were “speculative and baseless.”

Speaking with the Journal, experts are saying there’s no evidence the information was misused in any way.

A former NSA employee, and the head of Rendition Infosec security company told the site it was almost certain the Chinese government knew about the threat due to keeping tabs on communications between the companies.

“The Google Project Zero team and impacted vendors, including Intel, followed best practices of responsible and coordinated disclosure," Intel said in a statement.

"Standard and well-established practice on initial disclosure is to work with industry participants to develop solutions and deploy fixes ahead of publication. In this case, news of the exploit was reported ahead of the industry coalition’s intended public disclosure date at which point Intel immediately engaged the US government and others,” an Intel spokesperson told The Hill.

First revealed earlier in January, Spectre and Meltdown are flaws in processors, found in virtually all machines we have today (computers, tablets, smartphones). They allow attackers to access a vulnerable machine and extract valuable data.  

Image source: Shutterstock/lolloj