When bugs are not simple “bugs”
Tech enterprises are getting in trouble. Current media headlines are about Intel Corp. It seems Mueller’s report is doing the dirty laundry of all sectors in public and more than a company will close. Not only Facebook made mistakes and stayed silent about Russian interference. Other techs enterprises had a pretty good track of their records and never noticed US cybersecurity officials. This time it was Intel Corp, who never reported anything about chip security flaws called Meltdown and Spectre. It is quite serious and Intel must explain why they did not tell the United States Computer Emergency Readiness Team about Meltdown and Spectre leaked to the public.
Spectre and Meltdownare well known variations of a vulnerability that affects most of computer chips manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are calling them catastrophic. The computer experts were agreeing that the damage is quite irreversible. It is not enough with an updating of the code, it´s necessary to change the entire software. Programmers trying to patch the Linux kernel’s virtual memory system to protect against hardware bug Intel. That bug exposes CPUs security weaknesses and access security keys, passwords and files cached from a disk that can be found by attackers. Nevertheless, researchers believe that Spectreand Meltdown could affect Intel CPUs since 1995. In AMD’s case, the company’s spokesman said they are exempt of those flaws and experts stay out of comments.
After six months Alphabet Inc notified the chipmaker problems. This oversight could bring several troubles to Intel Corp because according to current and former US intelligence agencies the flaws potentially held national security implications. However, Intel, with a naive argument, said that the flaws had not exploited the vulnerabilities. Intel also believes that flaws never represent a critical harm because its performance couldn´t affect industrial control systems. Saving their skin, Intel informed to other technology companies of the use of its chips and the issue about them. But the facts are that Intel silence involves other powerful companies like Microsoft. The software corporation saved themselves from it and their spokesman said they “inform several antivirus software makers about the flaws several weeks ahead of their public disclosure to give them time to avoid compatibility issues”. Alphabet, to clean the mess, alleged that the common practice it´s to leave the decision to inform government officials of the security flaws to the chipmakers.
On the other hand, AMD said Alphabet extended the disclosure deadline from the standard 90 days twice, first on January 3rd, and then on January 9th.At that moment Alphabet gave the chipmakers 3 months to fix the issues before publicly disclosing them. According to Cyber Security agencies, the procedure was violated. Standard sets up practice in the cyber security industry, which obeys to the fact it must delivery targets of bugs on time to fix them before hackers can take advantage of the flaws. The exact bug is related to regular apps, and programs can discover the contents to protect kernel memory areas.
That gets indirectly related to the Russiagate scandal, where several techs enterprises are involved. Besides, recent Mueller’s report mentions the incapacity of Facebook Inc to avoid Russian hacks. It is considered data stolen from users comes from the flaw chips made by Intel. Conspiracy or not, the truth is that despite Alphabet and Google Project Zero informed chipmakers from Intel, Advanced Micro Devices Inc and SoftBank Group Corp, the chips got into the market. It is remarkable that SoftBank Group was notified about it and they got it anyway.
On the last month and as a consequence of the investigation in a course about Russian interference on 2016 election, Special Counsel Robert Mueller put the finger on Tech industry’s wound. All this has shown a falling of chipmaker enterprise’s actions, like the case of Qualcomm (fell 1.05 percent). US National Security Agencies blame the chipmakers as responsible for the infiltration carried out by hackers who created fake bank accounts and purchased space on US servers to use them as virtual private networks to mask their identities. Maybe Donald Trump is not crazy at all and it´s right about the digital warfare and the necessity to increase the national budget of Cyber Command.
In the meantime, Democrats are asking for more money.