
Intel Chip Flaw Could Allow Access to Encrypted Data, Can't Be Patched

The flaw could allow someone with physical access to a PC to extract its chipset key, essentially a master password that could unlock the rest of the system.

By Tom Brant, Managing Editor


A security flaw in the Intel chips that power most desktop and laptop PCs could potentially allow a hacker to decrypt sensitive data, even on systems with multiple layers of security to thwart such a hack. 

The flaw is an error in the read-only memory (ROM) of Intel microprocessors, according to researchers at Positive Technologies, who disclosed it on Thursday. It could allow someone with physical access to a PC to extract its chipset key, essentially a master password that could unlock the rest of the system. 

The flaw affects all PCs with ninth-generation or earlier Intel chips. Intel has known about the flaw since at least May 2019, and its latest tenth-generation chips include an updated Converged Security and Management Engine (CSME) that is unaffected by these ROM errors. 

Intel has also released software and firmware updates to mitigate the problem for affected systems. But Positive Technologies says the flaws cannot be fixed even with these mitigations, and that the only way to fully prevent an attack is to replace the CPU with a new one whose chipset key cannot be extracted. 

“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” Positive Technologies researcher Mark Ermolov wrote in a blog post. “The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

In a security bulletin accompanying the updates, Intel acknowledged that some of the firmware in its chips is vulnerable to physical attacks and recommended that users “maintain physical possession of their platform.”

Error Before All Other Errors

The flaw is potentially more serious than the Spectre and Meltdown bugs discovered in 2018. Those issues also allowed hackers to take over a system and steal its data through a process known as speculative execution. Spectre and Meltdown can be fixed with software updates that prevent speculative execution, which are now available for most consumer PCs. 

Since the ROM error can be exploited before a system even boots up, it can’t be patched with a software update, according to Positive Technologies. It also can’t be avoided with some types of added security that are common in business PCs used in finance, healthcare, and other industries. Those PCs typically have a trusted platform module (TPM), which prevents hackers from tampering with the system before it boots up. Since CSME firmware also controls software-based TPMs, they are also vulnerable. 
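The two points above, that a leaked chipset key "destroys the chain of trust for the platform as a whole" and that a firmware update cannot repair it, follow from how a hardware root key is normally used: every downstream secret (firmware-TPM storage keys, disk-encryption wrapping keys, and so on) is derived deterministically from it. The following Python script is an added illustration written for this article, not Intel's or Positive Technologies' code, and it does not model the real CSME key schedule. It assumes a simplified hierarchy in which an HKDF-style derivation (HMAC-SHA256) turns one root secret plus a platform identifier into several purpose-specific keys; the root value, platform identifier and key labels are constructed for the example. It shows that anyone holding the root can recompute every derived key, that changing the derivation labels in a "firmware update" does not help because the root is unchanged, and that only a new root (a replaced part) produces keys the old root cannot reproduce.

```python
"""Toy model of a hardware root-key hierarchy (illustrative; not the CSME design)."""
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, input keying material)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): stretch PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Purposes a platform might derive keys for (labels are constructed for the example).
KEY_PURPOSES = ("ftpm-storage-root", "disk-encryption-wrap", "firmware-update-auth")


def derive_platform_keys(root_key: bytes, platform_id: bytes,
                         firmware_version: int = 1) -> dict[str, bytes]:
    """Derive every purpose-specific key from the immutable root.

    `firmware_version` is mixed into the derivation info so the model can show
    what a firmware update can and cannot change: labels change, the root does not.
    """
    prk = hkdf_extract(salt=platform_id, ikm=root_key)
    return {
        purpose: hkdf_expand(prk, purpose.encode() + b"|v" + str(firmware_version).encode())
        for purpose in KEY_PURPOSES
    }


def keys_recoverable_from_root(candidate_root: bytes, platform_id: bytes,
                               observed_keys: dict[str, bytes],
                               firmware_version: int = 1) -> bool:
    """True if `candidate_root` regenerates every observed key.

    This is the defender's worry in one line: if the root leaks, recovery of all
    derived secrets needs no further attack on any individual subsystem.
    """
    recomputed = derive_platform_keys(candidate_root, platform_id, firmware_version)
    return all(hmac.compare_digest(recomputed[p], observed_keys[p]) for p in KEY_PURPOSES)


def firmware_update_helps(root_key: bytes, platform_id: bytes) -> bool:
    """Model a mitigation that only changes derivation labels (new firmware version).

    Returns True only if the old root can no longer reproduce the new keys.
    It cannot help: the root is burned into ROM and unchanged, so the answer is False.
    """
    new_keys = derive_platform_keys(root_key, platform_id, firmware_version=2)
    return not keys_recoverable_from_root(root_key, platform_id, new_keys, firmware_version=2)


def replacing_root_helps(old_root: bytes, platform_id: bytes) -> bool:
    """Model replacing the part: a fresh root makes the old root useless."""
    new_root = os.urandom(32)  # the only remedy the article describes: new silicon, new key
    new_keys = derive_platform_keys(new_root, platform_id)
    return not keys_recoverable_from_root(old_root, platform_id, new_keys)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    root = bytes(range(32))
    platform = b"platform-serial-0001"
    keys = derive_platform_keys(root, platform)
    print("derived purposes:", list(keys))
    print("leaked root recovers all keys:", keys_recoverable_from_root(root, platform, keys))
    print("firmware-only mitigation helps:", firmware_update_helps(root, platform))
    print("replacing the root helps:", replacing_root_helps(root, platform))
```

The model deliberately leaves out everything specific to Intel's design; its only claim is the general one the article makes, that secrets derived from a root that cannot be rotated inherit the root's compromise, which is why the recommended mitigations for affected systems reduce exposure (keep physical possession, apply the firmware updates) rather than restore the chain of trust.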

It’s unclear if systems with hardware TPMs would be affected, and Intel did not immediately respond to a request for comment. Systems with hardware TPMs include most late-model Mac laptops and desktops, which use Apple's custom-designed T2 security chip to handle encryption and secure boot-ups.

No known exploits of the vulnerabilities have been reported. Although an exploit would require a high degree of sophistication on the part of the attackers and physical access to a PC, Positive Technologies warns that a successful attack that is able to decrypt a PC’s security key could have dire consequences for systems with sensitive data. 

“We believe that extracting this key is only a matter of time,” Ermolov wrote. 
