A major new Intel processor flaw could defeat encryption and DRM protections [theverge.com]
EDITORS: this article could probably combine with one I just submitted titled: Intel x86 Root of Trust: loss of trust
Security researchers claim it’s unfixable
Security researchers are warning of a major new security flaw inside Intel processors, and it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years, and could allow attackers to create special malware (like keyloggers) that runs at the hardware level and is undetectable by traditional antivirus systems. Intel’s latest 10th Gen processors are not vulnerable, though.
Security firm Positive Technologies discovered the flaw [ptsecurity.com] and is warning that it could break apart a chain of trust for important technology like silicon-based encryption, hardware authentication, and modern DRM protections. “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” explains security researcher Mark Ermolov.
The root of the flaw is Intel’s Converged Security Management Engine (CSME), the part of Intel’s chips that’s responsible for securing all firmware that runs on Intel-powered machines. Intel has previously patched vulnerabilities in the CSME, but the researchers warn the CSME firmware is unprotected early on when a system boots so it’s still vulnerable to attacks.
“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” warns Ermolov. “The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
Successful attacks would require skill and in most cases physical access to a machine, but some could be performed by other malware bypassing OS-level protections to perform local attacks. This could lead to data from encrypted hard disks being decrypted, forged hardware IDs, and even the ability to extract digital content protected by DRM.
[ . . . . ] Intel has been struggling with its processor security flaws [theverge.com] recently. The initial discovery of the Meltdown and Spectre processor vulnerabilities [theverge.com] back in January 2018 led to additional flaws [theverge.com]. Researchers warned that variants and other consequences of the bug would appear for years to come, and we’re still seeing the repercussions more than two years later. Intel has attempted to mitigate most flaws with patches, but only newer processors will escape these vulnerabilities thanks to new security designs.
Maybe it's time to look to a simpler architecture without five decades of baggage.