The Spectre and Meltdown flaws are without a doubt two of Intel’s biggest issue this year. Since the discovery of the vulnerabilities, the semiconductor company has been liaising with several key industry players to fix them.
Unfortunately for Intel, who it contacted first might have allowed for a possible exploitation on a national (global even) level. According to a report on Engadget, a source inside the Wall Street Journal had told them that when the Spectre and Meltdown vulnerabilities were discovered, Intel made it a point to tell Chinese tech companies like Alibaba and Lenovo first, and not the U.S. government.
Why is this important? Because while Lenovo may not have directly liaised with the Chinese government per se, the latter still routinely monitors any and all corporate conversations. Therefore, it is possible that the Chinese government could’ve taken that information and exploited those flaws before Intel could scurry out the patches in time.
To be clear, there is no proof or evidence to suggest that China did act on the vulnerability, but the focus here is that, again, Intel didn’t make informing the U.S. Government a priority. The argument is this; had Intel told the U.S. government about the issue, it could have helped coordinate the disclosures, allowing several other tech companies to have fixes to the issue in place. Yes, Lenovo and Alibaba are big names in the world of technology, but so too are Apple, Amazon, Google, and Microsoft.
Naturally, Intel has refrained from telling the media who else they had initially informed, but also added that they couldn’t notify everyone in time because both flaws had been revealed early. In the case of Lenovo and Intel; Lenovo said that the information provided to them was protected by an NDA, while Alibaba has exclaimed that any suggesting that the company shares information with the Chinese government is ‘speculative and baseless’, at best.
The Spectre and Meltdown vulnerabilities have been thorns in Intel’s side since its discovery. To be fair, Intel has been rolling out patches, but as of last week, the company had told consumers and partners to ‘hold out on using it’, at least until it comes up with a better solution.