Security researchers have identified two new critical flaws in Intel processors. Although these are difficult to exploit, they have the particularity of being impossible to correct. Explanations.
A HARDWARE PROBLEM
Positive Technologies has identified security flaws in Intel’s Converged Security and Management Engine (CSME), that could allow hackers to access all the data on a computer. The Intel‘s CSME is part of the chip controlling in particular the boot system, the firmware and, more importantly, and the cryptographic functions. This vulnerability has added to the list of security vulnerabilities identified on Intel chips in recent years.
The CSME is the first module to run when you start your computer. Although its first action is to protect the memory it embeds, it is vulnerable for a brief moment. As a result, hackers with local or physical access to the machine can overwrite memory and divert the execution of the boot code. This flaw being hardware and not software, it cannot be patched or corrected without replacing the chip.
All Intel processors released in the past five years would be affected by the problem.
THIS TYPE OF FLAW COMPROMISES THE SAFETY OF THE MACHINE AS A WHOLE
A hacker exploiting the flaw in question would be able to obtain an encryption key, which would give him almost unlimited access to all the data stored on the device. This would prove to be particularly problematic for all servers equipped with Intel processors, since the hacker would then have the possibility of decrypting all the traffic entering and leaving the target machine.
” The problem is not only that it is impossible to correct the physically encoded firmware errors in the ROM memory of microprocessors and chips “, explains Mark Ermolov, of Positive Technologies. ” The main concern is that this type of hardware flaw compromises the security of the machine as a whole, ” adds the researcher, who however specifies that if the user’s machine is constantly in his possession, he is technically safe .
Earlier this week, the company BitDefender has announced to have identified a similar flaw on Intel chips , allowing hackers ” to inject malicious features that can be exploited to steal data .”