Updated:04:11 PM EDT May 24

this is subsite Researchers Find Unfixable Vulnerability Inside Intel CPUs - TechAmok

Researchers Find Unfixable Vulnerability Inside Intel CPUs - [security]
08:17 AM EST - Mar,06 2020 - post a comment

Researchers have found another vulnerability Inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of a black box, given that Intel is protecting its documentation so it can stop its copying by other vendors, however, researchers have discovered a flaw in the design of CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years. Discovered by Positive Technologies, the flaw is lying inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit can not be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."

Every CPU manufactured in the last 5 years is subject to exploit, except the latest 10th generation, Ice Point-based chipsets and SoCs. The only solution for owners of prior generation CPUs is to upgrade to the latest platform as a simple firmware update can not resolve this. The good thing, however, is that to exploit a system, an attacker must have physical access to the hardware in question, as remote exploitation is not possible.

Short overview of recent news articles

How the Teenage Players of Habbo Hotel Turned to Financial Crime (May,24 2020 )

8 things NOT to do in Germany (May,24 2020 )

Google Launches Suite of New Accessibility Features (May,24 2020 )

Intel Rocket Lake CPU Appears with 6 Cores and 12 Threads (May,23 2020 )

Tenet - new trailer (May,23 2020 )

Xiaomi Mi Band 5 rumored to gain SpO2 sensor (May,23 2020 )

Intel Core i9-10900K hits 7.7GHz on liquid helium (May,21 2020 )

Apple and Google Launch COVID-19 Exposure Notification (May,21 2020 )

T-Mobile Offers Free Service to First Responders (May,21 2020 )

Intel Core i9-10900K Review (May,21 2020 )

Space Force - Official Trailer (May,20 2020 )

THE HOOD INTERNET presents 1986 (May,18 2020 )

The Best Upcoming ACTION Movies 2020 (Trailers) (May,18 2020 )

Da 5 Bloods - Official Trailer (May,18 2020 )

Driver Performs Strange and Dangerous U Turn (May,18 2020 )

Watch This 1,500-HP Honda Civic Go From 0 To 60 MPH In A Crazy 1.1 (May,18 2020 )

Xfinity Mobile Launches 5G Service (May,18 2020 )

Netflix is restoring streaming quality in Europe (May,16 2020 )

TCL-Branded Phones Launch in US on May 19 (May,14 2020 )

GTA V is free on the Epic Games Store (May,14 2020 )

Unreal Engine 5 Revealed! (PS5) (May,13 2020 )

Microwaving a Highlighter Has a Surprising Reaction! (May,12 2020 )

Intel i9-10900K CPU runs very hot & consumes 235W (May,12 2020 )

WhatsApp will soon allow 50 person video calls (May,11 2020 )

All Samsung Galaxy Phones Since 2014 Are Vulnerable (May,10 2020 )

The process of making friends with a carpenter bee (May,09 2020 )

Windows 10 20H1 Update releases on May 26th (May,09 2020 )

Ashes of the Singularity: Escalation for Free (May,08 2020 )

AMD Ryzen 3 3300X and Ryzen 3 3100 Reviews (May,08 2020 )

iOS 13.5 Can Automatically Share Medical Info with 911 Operators (May,08 2020 )

Verizon Launches LG Q70 (May,08 2020 )

BECKY Trailer (2020) Kevin James as Neo-Nazi Thriller Movie (May,07 2020 )

Shit the simpsons really did predict 2020 (May,07 2020 )

Zoom Threesome (May,07 2020 )

Our Only Hope Against The Murder Hornet Is The Praying Mantis (May,07 2020 )

Call of Duty: Warzone - JaredFPS Highlights at 144+ FPS (May,05 2020 )

Cyberpunk 2077 news set for June 11 (May,05 2020 )

MS researchers solve two 20-year-old problems in quantum computing (May,05 2020 )

T-Mobile Launches Triple-Band "Layer Cake" 5G in NYC (May,05 2020 )

Optical Fingerprint Sensors Can Now be Embedded in LCDs (May,05 2020 )

NVIDIA's Ampere GPUs will be based on TSMC's 7nm node (May,04 2020 )

iOS 13.5 Adds Face Mask Detection, Contact Tracing (May,04 2020 )

Intel 10th Generation Comet Lake Desktop Processors and 400-Series (May,02 2020 )

Lovecraft Country: Official Teaser - HBO (May,02 2020 )

Windows 10 May 2020 Update on May 28 (May,01 2020 )

Mafia 3 is free to play on Steam until May 7th (Apr,30 2020 )

Hottest Babes on the Internet #102 (Apr,30 2020 )

Cyberpunk 2077 Deep Dive Gameplay in 8k (Apr,28 2020 )

WhatsApp rolls out support for 8 participants on group video calls (Apr,28 2020 )

How Netflix's Extraction Engineered a 12-Minute, One-Shot Action (Apr,28 2020 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs