KEY POINTS

  • An Intel chip vulnerability discovered by a security firm could threaten encryption and DRM protection 
  • Intel already rolled out firmware updates to mitigate the vulnerability but it turns out that it could not patch it
  • Intel shared that 10th generation Intel chips are not affected y this flaw

Integral vulnerabilities on Intel chips have become the norm for the company over the past several years since major exploits like ZombieLoad, Spectre and Meltdown affected almost all devices housing Intel chips. Security researchers recently discovered a new vulnerability on the Converged Security and Management Engine's mask ROM. The problem is, it looks like the issue in unfixable, and it threatens encryption and even DRM protection.

What Is This Intel Chips Flaw All About?

The Intel chips flaw was uncovered by Positive Technologies, a security firm that warns users that the issue shatters a chain of trust for crucial technology. It includes hardware authentication, silicon-based encryptions, and modern DRM protections. The firm claims that “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms.” 

The Intel chips flaw is uncovered in the part of the chip that takes care of securing all firmware running on Intel-powered machines known as the Converged Security Management Engine (CSME). Another issue is that the CSME firmware is unprotected whenever the system boots leaving it susceptible to attacks. "Because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole," explains Positive Technologies in a blog post.

Intel logo The Intel logo is shown at E3, the world's largest video game industry convention in Los Angeles, California, June 12, 2018. Photo: REUTERS/Mike Blake

When this Intel Chips flaw is exploited, it could be used to decrypt incoming and outgoing traffic from the affected devices or systems. Intel also noted that 10th generation chips are safe from this Intel chips flaw. It could be one of the reasons why the Cupertino tech giant would like to make a transition to ARM-based processors for its future Macs.

Who Are Affected?

The Intel chips flaw applies to machines with chips built in the last five years. According to Intel, when it learned about the vulnerabilities, it rolled out mitigations in May 2019. This way, it could be integrated into the firmware updates for both computer systems and motherboards.

“Those updates should mitigate local attacks,” Intel told Ars Technica. But, the company also explained that physical attacks are still possible, especially if attackers possess the target machine and “roll back its BIOS versions.” To prevent this from happening, Intel advised users to “maintain possession of their platforms,” especially the old ones.