News

Another Intel Vulnerability, and it’s Unfixable…

Honestly, I saw this story this morning and I couldn’t help but think “what? Again… meh, same s*** different day” but that doesn’t make it any less of a serious issue. Researchers at Positive Technologies found the vulnerability Inside Intel’s Converged Security and Management Engine (CSME). I mean, that’s what I go digging through in my spare time too, but alas, they found that the CSME is actually a tiny CPU within a CPU.

The little chip in a chip is responsible for the security of the SoC. It’s basically a secure box for all the secret data handling on the chip I guess. However, they’ve cracked it and that means that now many millions of Intel CPU based systems from the last five years are now vulnerable.

Whoops

“Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform.” – Positive Technologies

Am I Safe?

It looks like every Intel CPU of the last 5 years is suffering this unfixable issue. However, the 10th Gen, Ice Point chipsets and SoCs are not affected by it. The only saving grace is that you need physical access to the hardware as it cannot be done remotely. Of course, that may be good for your gaming PC in your bedroom, not so great for your office computer in a sensitive industry.

Peter Donnell

As a child still in my 30's (but not for long), I spend my day combining my love of music and movies with a life-long passion for gaming, from arcade classics and retro consoles to the latest high-end PC and console games. So it's no wonder I write about tech and test the latest hardware while I enjoy my hobbies!

Disqus Comments Loading...

Recent Posts

Corsair Vengeance RGB EXPO 32GB Dual Channel Kit 

SetSetYesNumber of products in set2LightingLightingYesLighting ColourRGBMemoryMemory size (total)32 GBMemory TypeDDR5Number of modules2Memory Speed6000 MHzMemory voltage1.4…

8 hours ago

DeepCool AG300 CPU Cooler 

The AG300 is a compact single-tower CPU cooler representing a new generation update from the…

8 hours ago

ASUS ROG Ryujin III 240 Performance AIO CPU Liquid Cooler with OLED Display

Go cooler than cool with the ROG Ryujin III. Its roomy 3.5-inch LCD screen displays…

8 hours ago

Varmilo VEA88 Charcoal TKL Gaming Keyboard, MX-Red, White-LED

TKL mechanical keyboard with 88 keys in a UK ISO layout V-silk PBT keycaps with…

8 hours ago

Refract Gaming Indigo – 1440p/4K Pro Pre-Built Gaming PC

Pre-built gaming PC for elite tier gaming and high-quality streaming Cherry-picked hardware and hand-built by…

9 hours ago

Next Major Title Update For Dragons Dogma 2 Has Been Revealed

As I said before in this article about the best mod to get for Dragons…

9 hours ago