March 7, 2021
'Unfixable' hole in Intel ROM exposes all but latest chips to attack, researchers say

‘Unfixable’ hole in Intel ROM exposes all but latest chips to attack, researchers say


intel-thumb.jpg

Intel chips have another hole that may leave computers exposed to attack. 


Ben Fox Rubin/CNET

Security researchers have discovered a hole in Intel’s read-only memory that it believes cannot be fixed and leaves all but Intel’s latest 10th-generation devices exposed. The discovery, announced Thursday by security firm Positive Technologies, points out an error in Intel’s boot ROM that allows each system with the hole to be susceptible to a hack.  

The vulnerability was found in the ROM of the Intel Converged Security and Management Engine (CSME), Mark Ermolov, Positive Technologies’ lead specialist of OS and hardware security, said in a blog post. It “jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” he said.

“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” Ermolov added. “The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

When the London-based company contacted Intel it was told the chip giant was already aware of the hole.

The Intel CSME is responsible for the first authentication, loading and verifying the firmware of Intel-based devices. By being exposed early in the boot process, it could leave the computer exposed to the point where Positive Technologies envisions a worst-case scenario where “hardware IDs will be forged, digital content will be extracted and data from encrypted hard disks will be decrypted.”

Intel updated a patch to fix some of the vulnerabilities last month, crediting Positive Technologies in its acknowledgments. But the researchers believe the hole is incapable of ever being fully filled.

Positive Technologies said this hole is exposed on all but Intel’s latest 10th-gen chips. It noted that “there might be many ways to exploit this vulnerability in ROM,” some of which “might require local access” such as malware while others might need “physical access” to a computer target in question.

Intel acknowledged a potential issue.

“Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” Intel spokesperson Leigh Rosenwald said in a statement. 

“Intel released mitigations and recommends keeping systems up-to-date,” adding that anyone looking for “additional guidance specific to CVE-2019-0090” can find it here.

Read moreBest 15-inch laptops of 2020 for work, gaming or both 


Now playing:
Watch this:

Time to delete your (unused) apps



1:06



Source link

173 thoughts on “‘Unfixable’ hole in Intel ROM exposes all but latest chips to attack, researchers say

  1. Oh my goodness! Amazing article dude! Thanks, However I am going through troubles with your RSS. I don’t know why I can’t join it. Is there anybody having the same RSS problems? Anyone that knows the solution will you kindly respond? Thanx!!

  2. Superb blog! Do you have any suggestions for aspiring writers?I’m planning to start my own site soon but I’m a little lost on everything.Would you suggest starting with a free platform like WordPress or go for a paidoption? There are so many options out there that I’m completely confused ..Any tips? Kudos!

  3. Right here is the right webpage for everyone whowants to understand this topic. You understand awhole lot its almost tough to argue with you (not that I actually will need to…HaHa).You certainly put a fresh spin on a topic that hasbeen written about for ages. Wonderful stuff, just wonderful!

  4. Greetings from Carolina! I’m bored to death atwork so I decided to browse your website on my iphone during lunch break.I love the info you provide here and can’t wait to take a look when I get home.I’m shocked at how quick your blog loaded on my phone ..I’m not even using WIFI, just 3G .. Anyhow, fantastic blog!

  5. I absolutely love your blog and find nearlyall of your post’s to be exactly what I’m looking for.Do you offer guest writers to write content in your case?I wouldn’t mind publishing a post or elaborating on a number of the subjects you writeconcerning here. Again, awesome weblog!

  6. Hi there! Do you know if they make any plugins to help with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results.If you know of any please share. Thank you!

  7. tor сайт гидра – топовая организация для теневых товаров, где можно найти все что угодно. Чтобы приобщиться с разнообразием магазина, требуется произвести вход в Гидра анион.

  8. I’m really loving the theme/design of your web site. Do you ever run into any browser compatibility issues?
    A couple of my blog audience have complained about my site not operating correctly in Explorer but looks great in Opera.
    Do you have any recommendations to help fix this problem?

Leave a Reply

Your email address will not be published. Required fields are marked *