Intel’s once again in the limelight regarding the security flaws of its chipset. The flaw is virtually unfixable and lets hackers and attackers defeat a host of security measures built into the chipset and other secondary measures like the Apple T2 chip. Chips as old as 5 years can be affected by this flaw. The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets. Also known as CSME, this feature implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features.
The bug stems from the failure of the input-output memory management unit—which provides protection preventing the malicious modification of static random-access memory—to implement early enough in the firmware boot process. That failure creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code that runs very early in the boot process with the highest of system privileges.
The flaw is reportedly completely unfixable because it’s hard-coded into the mask ROM, making it impossible for Intel to fix it via a firmware update.
The researchers from the security firm Positive Technologies are the one’s who discovered the flaw.Because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole,” wrote security firm Positive Technologies in a blog post announcing the issue.
Intel has acknowledged this issue and a representative said on background that installing the CSME and BIOS updates with the end of manufacturing set by the system manufacturer “should” mitigate local attacks. Physical attacks, in which attackers have possession of a targeted computer, might still be possible if CSME hardware-based anti-rollback features aren’t supported by a system manufacturer.
Intel states that the data can only be exploited if the attacker gets hold of the vulnerable machine. Remote attacks can be prevented via a BIOS update.
This issue has put millions of computers and their user’s private data at risk. Intel’s increasing chipset security issues have affected its reputation and might be harmful to the company in the long run.