Friday, March 6, 2020

Uncorrectable flaw in Intel chips could create 'total chaos'

Researchers have found a nasty bug in an essential component at the base of the entire cryptographic chain of trust in Intel systems. The vulnerability makes it possible to decrypt or modify everything on a machine.

Bad news for Intel chip users. Security researchers at Positive Technologies have discovered a flaw in the Boot ROM of the Converged Security and Management Engine (CSME), a hardware memory component that is the basis of the entire cryptographic chain of trust for Intel computers. Executed at the very beginning of the boot process, this software (which is therefore impossible to correct) generates the Trusted Platform Module (TPM), a special memory area that allows encryption keys to be stored securely.
The CSME is also the cryptographic guarantor of the UEFI firmware (the successor to the BIOS) and of the Power Management Controller. In addition, it implements functions called "Enhanced Privacy ID", which allow authentication of other protection systems on the computer, for example those dedicated to securing copyrighted content (DRM) or financial transactions.

This flaw affects all recent Intel chips, with the exception of the latest generation. It alters the execution of the CSME and potentially affects the security of all the technologies that depend on it. In particular, it would allow access to a hardware encryption key used to encrypt the Chipset Key, a master key used to generate all other encryption keys. "However, this [hardware] key is not specific to the platform. A single key is used for a whole generation of Intel chipsets (…). We believe that extracting this key is only a matter of time. When this happens, total chaos will reign. Hardware identifiers will be falsified, protected digital content will be extracted, and encrypted data from hard drives will be decrypted," said Positive Technologies in a blog post.

As this flaw is at the hardware level, the only way to permanently remove the risk would be to change the hardware. Contacted by Positive Technologies, Intel nevertheless seeks to play down the situation. The American giant was already aware of this flaw, which is tracked as CVE-2019-0090. In a press release sent to Ars Technica, it maintains that the flaw can only be exploited through "physical access and special equipment". A patch was also released in 2019 to prevent potential attacks.

But Positive Technologies believes that the Intel patch covers only one attack vector, and that there are many more. In addition, exploitation would not necessarily require physical access, but could be done through "local access". According to ZDNet, which spoke with one of the researchers, that means malware with root privileges or BIOS access could do the trick. Positive Technologies plans to publish a white paper soon that should provide more technical details on the subject.

Sources: Ars Technica
