Researchers Find Unfixable Security Flaw in 5 Years of Intel Chips

While Intel has issued patches to lessen the damage of exploits, researchers say the mitigations may not be enough to fully protect systems.

Share on Facebook Tweet Snapchat Share Reddit Comment
Researchers Find Unfixable Security Flaw in 5 Years of Intel Chips

Photo Credit: YouTube/ Intel

Highlights
  • Virtually all Intel chips released in the past 5 years contain the flaw
  • Intel was notified of the vulnerabilities and released mitigations
  • The flaw can allow attackers to defeat a host of security measures

Researchers have discovered a major new security flaw inside processors made by US multinational corporation and chip making giant Intel for the past five years. The flaw allow exploits to defeat hardware-based encryption and DRM protections. According to security company Positive Technologies, the security bug could break apart a chain of trust for important technology like silicon-based encryption, hardware authentication and modern DRM protections.

"We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access," said Mark Ermolov, from Positive Technologies.

Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon.

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems, ArsTechnica reported on Friday.

The security vulnerability discovered applies to machines with Intel chips built over the last five years or so. Intel said that it was notified of the vulnerabilities and released mitigations in May 2019 to be incorporated into firmware updates for motherboards and computer systems.

 

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Intel, Intel Security Flaw
Samsung Galaxy A31 Support Page Goes Live, Phone Receives Bluetooth Certification

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com