/?pid=researchers-find-unfixable-vulnerability-inside-intel-cpus-21586

Updated:04:54 PM EDT Jul 02


this is ggmania.com subsite Researchers Find Unfixable Vulnerability Inside Intel CPUs - TechAmok

Researchers Find Unfixable Vulnerability Inside Intel CPUs - [security]
08:17 AM EST - Mar,06 2020 - post a comment

Researchers have found another vulnerability Inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of a black box, given that Intel is protecting its documentation so it can stop its copying by other vendors, however, researchers have discovered a flaw in the design of CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years. Discovered by Positive Technologies, the flaw is lying inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit can not be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."

Every CPU manufactured in the last 5 years is subject to exploit, except the latest 10th generation, Ice Point-based chipsets and SoCs. The only solution for owners of prior generation CPUs is to upgrade to the latest platform as a simple firmware update can not resolve this. The good thing, however, is that to exploit a system, an attacker must have physical access to the hardware in question, as remote exploitation is not possible.

Short overview of recent news articles

1014HP Lamborghini REVUELTO 369KMH TOP SPEED POV on AUTOBAHN (Jul,02 2025 )

Nvidia Drivers (V 576.80 vs V 576.88) - Test In 12 Games - RTX 4060 (Jul,01 2025 )

AMD Adrenalin 25.6.3 Driver Is Available (Jun,30 2025 )

NVIDIA GeForce RTX 5080 SUPER Could Feature 24 GB Memory, Increased (Jun,30 2025 )

Guess What Nvidia Did THIS Time (Jun,29 2025 )

The 10 Best Dinosaur Movies of All Time (Jun,28 2025 )

Microsoft officially confirms that Windows 11 version 25H2 is coming (Jun,28 2025 )

Eddington - Official Trailer 2 (2025) Joaquin Phoenix, Pedro Pascal (Jun,26 2025 )

Microsoft Say System Restore Points Now Expire After 60 Days (Jun,25 2025 )

Facebook, Netflix, and Microsoft Websites Hijacked to Insert Fake (Jun,25 2025 )

I put a $3000 GPU in my Average PC... It Was a Mistake (Jun,24 2025 )

Best External SSD for Mac 2025: After Weeks of Testing, Here's What (Jun,24 2025 )

Mostly boob jokes this week (RTX 5090 DD) - Tech News June 22 (Jun,23 2025 )

Superman - Official 30 Second Spot (2025) (Jun,21 2025 )

'The fastest road car I've ever been in!' - Ferrari F80 track day (Jun,21 2025 )

CPU SCAM: AMD Ryzen 9800X3D Counterfeits & Fraud (Jun,20 2025 )

28 Years Later Review (Jun,19 2025 )

HW News - NVIDIA "N1x" CPU Leak, ASUS Xbox ROG Ally, More Intel (Jun,18 2025 )

NVIDIA GeForce 576.80 WHQL Driver (Jun,17 2025 )

The Fantastic Four: First Steps - Official 'H.E.R.B.I.E.' Teaser (Jun,16 2025 )

Huawei Maextro S800 First Look - A True BMW & Mercedes Killer? (Jun,15 2025 )

Upgrade Windows 10 to Windows 10 LTSC Without Losing Data (Jun,14 2025 )

Squid Game: Season 3 - Final Games Trailer (Jun,14 2025 )

WWDC 2025: Everything Revealed in 9 Minutes (Jun,11 2025 )

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws (Jun,10 2025 )

This Malware BREAKS WINDOWS! (Jun,10 2025 )

Reset Forgotten Password without Any Software, without USB drive in (Jun,10 2025 )

Microsoft Will Block Unsupported Hardware For Windows 11 (Jun,08 2025 )

Memory Wars! Apple vs Ryzen - Is Unified Memory Faster than Shared (Jun,08 2025 )

Predator: Killer of Killers - Exclusive Clip (2025) (Jun,06 2025 )

Enable Deep Effect on Samsung One Ui 7 (Jun,06 2025 )

Google Kills Off PayPal in Google Wallet (Jun,05 2025 )

Samsung's Next Flagship Foldable Will be Ultra (Jun,05 2025 )

Over 40 Malicious Chrome Extensions Mimic Popular Brands to Steal (Jun,05 2025 )

The Witcher IV - Unreal Engine 5 tech demo (Jun,03 2025 )

Nintendo Switch 2 Welcome Tour trailer (Jun,02 2025 )

Stranger Things 5 | Date Announcement | Netflix (Jun,01 2025 )

RTX 5060 Review... No wonder NVIDIA tried to stop us from talking (May,31 2025 )

Samsung Galaxy Watch 8 Classic Is Here - 7 New Updates (May,30 2025 )

Biggest Windows 11 24H2 May Update in the Main Release (May,30 2025 )

How Much Money Should You Spend on a Gaming PC? (May,29 2025 )

laud Note vs Note Pin - Which AI Voice Recorder To Choose (May,29 2025 )

Samsung One UI 8.0 vs One UI 7.0 - 25+ Changes (May,29 2025 )

SECRET CODE UPDATE for Samsung Galaxy Phone to Boost Performance & (May,28 2025 )

WhatsApp is finally available on iPad (May,27 2025 )

Simple Trick To Lower CPU Temperatures (May,27 2025 )

Alma & The Wolf - Official Trailer (2025) Ethan Embry, Li Jun Li, (May,26 2025 )

Change These Browser Security Settings NOW (May,25 2025 )

I NEED AMD to Seize This Moment - RX 9060XT (May,24 2025 )

Windows 98 with a G41 Core 2 Duo System (May,23 2025 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs