Posted on March 6, 2020 at 6:07 PM
According to a recent report, there has been a vulnerability in Intel’s security, which could be exploited by attackers to wreak havoc
The vulnerability is a fascinating one, although not very serious that would cause a major upheaval in Intel’s network
So, if your computer uses an Intel Chipset designed within the past 5 years, a critical flaw in the TOM could leave your system vulnerable to attack. There has not been a total fix for that vulnerability, which leaves users with the only option of getting a new computer.
The discovery of the vulnerability
Security researchers at Positive Technologies discovered the vulnerability and announced in a blog post yesterday. They described the breach as a high-level threat, which could lead to severe attacks by hackers. Positive Technologies reported that the vulnerability is present in both firmware and malware of the boot ROM
According to Mark Ermolov, a security expert, the security situation that most people fear could be materializing. He said, “The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality”, pointing out that the breach could compromise every effort Intel has made to offer a secured platform in the company’s security system.
Nature of the flaw
Although the flaw cannot be explained in a straightforward manner, it enabled hackers to find their way into your computer’s encryption process. It will eventually open the door for all types of sensitive information leaks and industrial espionage.
To make matters worse, the process is perpetuated at the hardware level, which makes it extremely difficult to detect. It allows the malicious code to bypass any security platform. Positive Technologies have reported that almost all systems carrying Intel’s security chips for the past five years are vulnerable due to this security flaw.
Emolov stated that attackers have different options they can use to get their hands on the chipset’s key, which is a vital tool they can use to unscramble encrypted messages.
However, he stated that the different methods are not easy to accomplish. For example, remote hacking would take a sophisticated hacker with experience in specialized gear. However, there is still a high chance the hackers could try their luck to exploit Intel’s vulnerabilities.
Emolov also pointed out that the hackers could get the required information from stolen or lost laptops to decrypt confidential data. Employees, contractors, or dishonest supplies can have access to the key.
In other instances, the actors have remote access to the key as long as they have already accessed a local PC during a multitasking attack. They can even get access if a manufacturer offers firmware updates on internal devices.
Intel has issued a patch
To discourage any hacking attempt on the chipsets, Intel issued a patch yesterday.
The patch will make it more difficult for the actors to explore the vulnerabilities. However, no one is sure whether the hackers would succeed since the main problem is within the ROM. Generally, it is very difficult to tinker ROM through firmware updates.
Possible solutions for users
Positive Technologies have advised users of the affected Intel chipset on what to do. they said users of an older version of Intel CPU or those not using the latest version should upgrade to the 10th generation as soon as possible.
But if they are not able to upgrade for any reason, they should disable the Intel data encryption and evaluate whether their system has been compromised. There is additional instruction provided on Intel’s website to guide people.
Disabling instructions are also part of the recommendation the company has recommended on its website. The information on the site also includes how to contact the motherboard or device manufacturer for updates to deal with the breach.
The Intel users who are affected are advised to go through the site to get information on the different ways they can prevent being hacked by the attackers. From the instruction of positive technologies and Intel, users of the older version could either get a 10th generation processor CPU to avoid being a target to hackers.