Intel didn't tell officials about Meltdown & Spectre until made public


Letters sent to US lawmakers by Intel, Alphabet and Apple have revealed that Intel did not inform US cyber security officials of the Meltdown and Spectre security flaws until after they had been leaked to the public. 

The US government has raised concerns over how the chipmaker waited six months after being made aware of the security flaws by Alphabet to inform US authorities who believe that exploits based on Meltdown and Spectre could affect the country's national security.  Intel stood by its decision not to inform US officials as the flaws have not yet been exploited by hackers. 

However, the US government is insisting that the company should have told the United States Computer Emergency Readiness Team (US-CERT) about Meltdown and Spectre after security researchers at Google's Project Zero first informed it of the security flaws found in its chips along with those of AMD and ARM. 

Intel, Alphabet and Apple sent letters responding to questions from Representative Greg Walden on when they first became aware of the security flaws.    

Alphabet noted that after discovering Meltdown and Spectre, it had informed Intel, AMD and ARM Holdings of the problems in June.  At that time it gave each of the companies 90 days to fix the issues before making them public as is its standard procedure upon discovering security flaws. 

Alphabet also left the matter of informing government officials up to the companies whose products contained security flaws as it usually does in these matters. 

In its letter to officials, Intel noted that it had not performed an analysis of whether the flaws could be exploited to harm critical infrastructure because it did not think they could be used to so.  The chipmaker also said that it had informed other technology companies using its products of the issue after it found out about the flaws. 

Image Credit: mdgn / Shutterstock