By now, everyone knows the Intel chips by their flaws - Spectre and Meltdown - but may not have known that Intel told its Chinese customers before it told the U.S. government. That kind of makes you wonder if Intel is a U.S. or a Chinese company. If asked, I’m pretty sure Intel would just say “Yes.” They “follow Chinese laws in China” as do many U.S. and foreign companies.
Notifications to Lenovo and Alibaba, along with Microsoft, Amazon, and Google were prudent for a company with a footprint in both places. The plausible explanation would be met with a yawn in most security circles. It is common practice to tell your major customers before anyone else, and good business too. The Homeland Security and CERT people in the U.S. were shocked to find they were left out of the notifications until late in the game. That is because they have done so well at keeping them a secret in the past. That is a joke, of course.
This Wall Street Journal article speculates that the Central Government would then know about the flaws and exploit them before anyone had a chance to make changes to stop them. That assumes the Chinese Goverment did not already know about the flaws because they introduced them to begin with. This is a much bigger problem than anyone will ever know, because the Chinese are making network equipment and dominate the market in those products. If they actually did design a backdoor into every chip made there, it would not be very surprising, but it would be devastating to the global business reputation of Intel. I wonder if the Chinese would care. They would be glad to take over that part of the market which they have already done in other chip sets. Intel taught them to make chips at their factories in China, but Intel would not teach them to keep the Central Government at arms reach. In China, there is no such concept.
No comments:
Post a Comment