07:52 09th Mar, 2020
Security Flaw in Intel Chips Causes Serious Concern | TechTree.com
Security Flaw in Intel Chips Causes Serious Concern
Researchers are concerned that the vulnerability around the boot-up options may remain unfixable
Security researchers last week found a major security flaw inside Intel’s processors that could mess up hardware-based encryption efforts and DRM protections. The vulnerability is found at the hardware level across chips released over the past five years that could allow attackers to create malware and steal data.
The problem lies at the converged security management engine (CSME) where the processors secure all firmware that runs on Intel-powered machines, says Security firm Positive Technologies that originally discovered the flaw. “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” explains security researcher Mark Ermolov in a blog post.
The phrase “DRM protected” means that digital content that is available on the hardware that it is applied to restricts on how it can be used. "Digital rights management" is the term that describes a systematic authorization for the use of copyrighted material such as music, movies, television programs, books and games.
Though Intel has previously patched vulnerabilities in the CSME, but the researchers warn the CSME firmware is unprotected early on when a system boots so it’s still vulnerable to attacks.
“We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors,” Ermolov says.
The latest vulnerability is another in a string of Intel chip flaws that have damaged the chipmaker's reputation of late. In 2018, Intel faced heavy criticism over the Meltdown and Spectre flaws in Intel chips that could have allowed attackers to steal data.
Explaining the issue in simple terms, Steve Dent writes on Engadget.com that the CSME, with its own 486-based CPU, RAM and boot ROM, is the first thing that runs when you boot up your computer. “One of the first things it does is protect its own memory, but before that happens, there's a brief moment when it's vulnerable. If hackers have local or physical access to a machine, they might be able to fire off a DMA transfer to that RAM, overwriting it and hijacking code execution,” he adds.
Since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted, Dent concludes.
- DRIFE Begins Operations in Namma Bengaluru
- Sevenaire launches ‘NEPTUNE’ – 24W Portable Speaker with RGB LED Lights
- Inbase launches ‘Urban Q1 Pro’ TWS Earbuds with Smart Touch control in India
- Airtel announces Rs 6000 cashback on purchase of smartphones from leading brands
- 78% of Indians are saving to spend during the festive season and 72% will splurge on gadgets & electronics
- 5 Tips For Buying A TV This Festive Season
- Facebook launches its largest creator education program in India
- 5 educational tech toys for young and aspiring engineers
- Mid-range smartphones emerge as customer favourites this festive season, reveals Amazon survey
- COLORFUL Launches Onebot M24A1 AIO PC for Professionals