A report has revealed that CPU manufacturer Intel revealed details of the recent “Meltdown” CPU bug to Chinese firms before warning the U.S. government.
Engadget reports that CPU manufacturer Intel warned a number of customers including Chinese firms such as Alibaba and Lenovo about the “Meltdown” bug that left millions of CPU’s vulnerable worldwide before they warned the U.S. government. This could have caused a number of security issues because while CPU manufacturer does have to talk to Chinese tech firms to coordinate fixes for their hardware, the Chinese government regularly monitors these conversations and could have used details on the Meltdown bug to exploit Intel CPU’s and intercept data.
Intel would not reveal which companies they had discussed the bugs with but stated that they didn’t have time to contact everyone directly, including the U.S. government, due to the early reveal of the Meltdown and Spectre bugs. Lenovo similarly stated that information relating to the bugs was held under a confidentiality agreement while Alibaba stated that accusations that they shared information with the Chinese government were “speculative and baseless,” but this does not mean that Alibaba’s conversations with Intel were not intercepted by the Chinese government without either companies knowledge.
There is currently no evidence to suggest that the Chinese government took advantage of the exploits but the lack of information provided to the U.S. government left them with little time to prepare fixes for many government computers. Tech firms such as Apple, Amazon, Google, and Microsoft moved fast to issue fixes for their computer systems but the majority of other manufacturers were left in a panic as they attempted to roll out updates to their hardware. This means that many vendors running extremely high-value systems but weren’t notified early were left at an extreme risk. It would seem that Intel failed to take into account the cyberwarfare impact of their early notifications.