HomeWinBuzzer NewsIntel Has Been Hit by Another "Unfixable" CPU Flaw That Could Lead...

Intel Has Been Hit by Another “Unfixable” CPU Flaw That Could Lead to Undetectable Malware

A bug in Intel CSME could let an attacker with local or physical access install an undetectable keylogger on a device or break encryption and DRM.

-

Security researchers say they've uncovered another CPU flaw that they believe to be unfixable and unpatchable. Though the bug is very different to Meltdown and Spectre, it could still prove serious and wide-ranging.

Discoverers Positive Technologies say this issue will affect all Intel of the past five years, except for its 10th generation chips. Existing at the hardware level, its researchers believe the bug could cause “utter chaos”.

“Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted,” explained the company. “The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.”

CSME stands for the Converged Security Management Engine, which is responsible for securing the firmware that runs on a user's machine. Issues with its security severely erode trust in the platform, and the fact CSME is unprotected so early in a system's boot stage means it will be vulnerable to attacks even after patching. Potentially, a skilled attacker could craft a malware that runs at the hardware level and is completely undetectable by most anti-virus solutions.

A Severity Disagreement

This flaw would require a lot of knowledge and skill to exploit, making it less likely it will target your average user. However, one concern is that some attackers could use other malware to remotely bypass OS-level protections, then use the Intel flaw to decrypt hardware or extract DRM-locked content. System Guard and BitLocker both make use of CSME, for example.

“For such an attack, in most cases, it is enough for an attacker to be able to execute code locally on the attacked machine (at the operating system level, i.e., kernel mode local code execution),” explained Positive Technologies' Mark Ermlov to Ars Technica.

“As soon as he can execute code on ISH, through this vulnerability he could attack Intel CSME and already execute arbitrary code on this subsystem, and by extracting the chipset key, it can do this on an ongoing basis (persistence). Thus, in most cases, the attacker does not need physical access to the vulnerable machine.”

An Intel representative said that installing its latest BIOS and CSME updates should mitigate these types of attacks. Despite Positive Technologies' warnings, Intel suggests that an attacker would require “specialized hardware and physical access”. It also downplayed the reach of the vulnerability, saying it could be exploited in “certain Intel products”.

To mitigate the attack, Intel recommends maintaining physical possession of their PC or Laptop and install the latest updates as they become available.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News