marquimvfs
Member
Positive Technologies claim that pretty much every Intel processor released in the last five years has a security flaw baked into the silicon which can’t actually be fixed, although the chip maker has already implemented mitigations. According to the source, the "good" part of the story is that the new security flaw could only be exploited when physically present.
The vulnerability, which is present in Intel’s Converged Security and Management Engine (CSME) – a subsystem inside the CPU which takes care of all manner of important security duties, right from pushing the power button – is not trivial to exploit. According to the source, it’s a tricky matter to do so, so we shouldn't wait for mass attacks and malware being received through the internet.
But it’s still a worrying state of affairs when there’s apparently a security flaw directly in the silicon which isn’t fixable, as it can’t be patched via a firmware update. Positive Technologies observes that this is because the problem is present in the “very early stages of the subsystem’s [CSME’s] operation, in its boot ROM”, and that it’s “impossible to fix firmware errors that are hard-coded in the mask ROM.”
The security firm further notes that Intel has said it’s already aware of the issues here, and understands that it cannot fix the vulnerability in the ROM, so instead it’s attempting to patch all possible attack vectors. But mitigating against every conceivable exploit could obviously be a difficult process. They also warned: “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms … The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
In short, it’s another blow to Intel’s reputation on the security front.
Source:
Intel x86 Root of Trust: loss of trust
The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has ...
blog.ptsecurity.com
Latest Intel CPUs have 'impossible to fix' security flaw
All Intel processors made in the last five years potentially at risk
www.techradar.com