Sunday Times (Sri Lanka)

Flaw in Intel chips released in the last five years could allow cyber criminals to hijack computers

An unfixable flaw present in nearly all Intel chips released in the last five years could allow cyber criminals to hijack computers and wreak ‘utter chaos’, an expert warns.

The vulnerability arises because a security feature designed to protect against malicious edits to the computer’s random-access memory does not launch quickly enough.

This creates a brief window of time in which hackers can run malicious code on start-up, with full system privileges, and bypass other security features.

Although Intel has released patches to make the weakness harder to exploit, the nature of the flaw means that it will likely not be possible to provide full protection.

The reason that the security flaw cannot be corrected is that its origin lies in so-called mask ROM — uneditable, ‘read-only’ memory that is programmed by Intel at the time of each chip’s manufacturing.

It is this memory that boots the security and management firmware that protects various aspects of the computer (and, unlike the read-only memory, is able to be patched with security updates).

Hackers who succeed in exploiting the flaw can use it to bypass on-chip encryption processes, digital rights management protections and even modify the chip’s firmware to facilitate a variety of malicious actions.

‘Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine,’ a company spokesperson said in a statement.

The flaw, they added, ‘may allow an unauthorised user with specialised hardware and physical access [...] to execute arbitrary code within the Intel CSME subsystem on certain Intel products.’

‘Intel released mitigations and recommends keeping systems up-to-date.’

According to Intel, updated machines should be protected unless an attacker is in physical possession of the computer itself.

The firm has released additional guidance on the security vulnerability, which can be viewed on the Intel website.

‘This vulnerability jeopardises everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,’ security expert Mark Ermolov of Positive Technologies wrote in a blog post. ‘The problem is not only that it is impossible to fix firmware errors that are hard-coded in the mask ROM of microprocessors and chipsets,’ he added.
