• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Intel chips detect unreachable security holes

V

vakafx

New Member
Joined
May 21, 2020
Messages
1 (0.00/day)
The flaw lies in the security and management tool (CSME), which is part of the system boot control chip, firmware and most important encryption functions. This could allow an attacker to inject malicious code and control the device.
CSME's security functions allow the operating system and application to securely store files encrypted by locking the main chipset. If an attacker could access CSME by executing malicious code, they could gain access to the core parts of the operating system along with the application and potentially cause serious damage.
 
Ahhzz

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,744 (1.48/day)
System Specs
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
Are you referring to this information?

www.engadget.com

Researchers discover that Intel chips have an unfixable security flaw

Security researchers have discovered another flaw in recent Intel chips that, while difficult to exploit, is completely unpatchable. The vulnerability is within Intel's Converged Security and Management Engine (CSME), a part of the chip that controls system boot-up, power levels, firmware and...
www.engadget.com www.engadget.com

Looks like it's not completely "sky is falling", hopefully: "That sounds dramatic, but exploiting the vulnerability would require major technological know-how, specialized equipment and physical access to a machine. Once hackers were inside a system, though, they could feasibly gain persistent remote access "
 
Bill_Bright

Bill_Bright

Joined
Jul 25, 2006
Messages
12,147 (1.87/day)
Location
Nebraska, USA
System Specs
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
@vakafx - when reporting alleged faults in a product, especially critical products from popular manufacturers at tech sites and in particular, here at TPU, it is best to include links to your source so folks can first, verify its authenticity, and second, so we can read for ourselves. This is in part, to make sure everyone has their facts straight when posting such findings, and to make sure it is not "fake news".

For example, did you mean to say "unreachable"? Because an "unreachable" security flaw would hardly be a concern.

The only recent report of a CSME security flaw in an Intel processor that I can find is the flaw noted by Ahhzz. If that is the flaw you are reporting, it is the same one reported by TPU over 3 months ago - so not new news. And if the same, not sure your point in reporting it again.

***

Ahhzz said:
...exploiting the vulnerability would require...physical access to a machine.
Click to expand...
This is the caveat that is so often overlooked (or intentionally ignored :() by those eager to pounce on Intel - again.
 
M

mtcn77

Joined
Jun 3, 2010
Messages
2,540 (0.50/day)
I think this is a given to have the security holes, but make them inaccessible. That is the whole encryption premise.
 
cucker tarlson

cucker tarlson

Joined
Aug 6, 2017
Messages
7,412 (3.02/day)
Location
Poland
System Specs
System Name Purple rain
Processor 10.5 thousand 4.2G 1.1v
Motherboard Zee 490 Aorus Elite
Cooling Noctua D15S
Memory 16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s) RTX 2070 Super Gaming X Trio
Storage SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s) Acer XB241YU+Dell S2716DG
Case P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s) K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply Superflower Leadex Gold 850W
Mouse G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
this would need a link in the original post
 
TheoneandonlyMrK

TheoneandonlyMrK

Joined
Mar 10, 2010
Messages
11,878 (2.30/day)
Location
Manchester uk
System Specs
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Possibly the worse thread title i have ever seen.

It sounds like a vulnerability auto fixer from the title as opposed to the opposite.
 
Bill_Bright

Bill_Bright

Joined
Jul 25, 2006
Messages
12,147 (1.87/day)
Location
Nebraska, USA
System Specs
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
It could just be a bad auto-correct.
 
You must log in or register to reply here.
Top