• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Intel chips detect unreachable security holes

V

vakafx

New Member
Joined
May 21, 2020
Messages
1 (0.00/day)
The flaw lies in the security and management tool (CSME), which is part of the system boot control chip, firmware and most important encryption functions. This could allow an attacker to inject malicious code and control the device.
CSME's security functions allow the operating system and application to securely store files encrypted by locking the main chipset. If an attacker could access CSME by executing malicious code, they could gain access to the core parts of the operating system along with the application and potentially cause serious damage.
 
Are you referring to this information?

www.engadget.com

Researchers discover that Intel chips have an unfixable security flaw

Security researchers have discovered another flaw in recent Intel chips that, while difficult to exploit, is completely unpatchable. The vulnerability is within Intel's Converged Security and Management Engine (CSME), a part of the chip that controls system boot-up, power levels, firmware and...
www.engadget.com www.engadget.com

Looks like it's not completely "sky is falling", hopefully: "That sounds dramatic, but exploiting the vulnerability would require major technological know-how, specialized equipment and physical access to a machine. Once hackers were inside a system, though, they could feasibly gain persistent remote access "
 
@vakafx - when reporting alleged faults in a product, especially critical products from popular manufacturers at tech sites and in particular, here at TPU, it is best to include links to your source so folks can first, verify its authenticity, and second, so we can read for ourselves. This is in part, to make sure everyone has their facts straight when posting such findings, and to make sure it is not "fake news".

For example, did you mean to say "unreachable"? Because an "unreachable" security flaw would hardly be a concern.

The only recent report of a CSME security flaw in an Intel processor that I can find is the flaw noted by Ahhzz. If that is the flaw you are reporting, it is the same one reported by TPU over 3 months ago - so not new news. And if the same, not sure your point in reporting it again.

***

Ahhzz said:
...exploiting the vulnerability would require...physical access to a machine.
Click to expand...
This is the caveat that is so often overlooked (or intentionally ignored :() by those eager to pounce on Intel - again.
 
I think this is a given to have the security holes, but make them inaccessible. That is the whole encryption premise.
 
this would need a link in the original post
 
Possibly the worse thread title i have ever seen.

It sounds like a vulnerability auto fixer from the title as opposed to the opposite.
 
It could just be a bad auto-correct.
 
You must log in or register to reply here.
Back
Top