Welcome to the

AdGuardian Plus Blog


Analysts discovered a huge hole in Intel’s read-only memory

Hacker trying to exploit a hole in Intel's read-only memory

Security analysts discovered a huge hole in Intel’s read-only memory. Afterwards, they said that nobody can fix it. Moreover, this leaves all Intel’s devices exposed, except Intel’s latest 10th generation devices. The security company Positive Technologies discovered an error in Intel’s boot read-only memory (ROM). As a result, it makes each system with the hole susceptible to hacks.

Mark Ermolov, Positive Technologies’ lead specialist of OS and hardware security said in a blog post that they discovered the vulnerability in the ROM of the Intel Converged Security and Management Engine (CSME). This “jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,”, according to him. And he least of it is that it’s impossible to fix firmware errors, as they are hard-coded in the Mask ROM of microprocessors and chipsets. But “the larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole,” he added.

When the security company contacted Intel, the chip giant said it was aware of the hole.

The CMSE is responsible for the first authentication. Also, it loads and verifies the firmware of intel-based devices. So, this exposes the systems in the boot process. Further on, this means, according to Positive Technologies, that “hardware IDs will be forged, digital content will be extracted and data from encrypted hard disks will be decrypted.

An almost useless update

Although Intel updated a patch last month, Positive Technologies’ experts consider it can not fully fill the hole. They consider that there might be many ways to exploit this vulnerability. One way is that it “might require local access” such as malware. Others might need “physical access” to a computer target in question.

Intel acknowledged that it was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine. So, they said that “an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” Leigh Rosenwald,Intel spokesperson, said in a statement.

As a result, the company recommends keeping systems up-to-date. But the hole in Intel’s read-only memory could give them a hard time

Laurentiu Titei
About author

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
Related posts

Digital Advertising practices, under the pressure of fines


Advertising discrimination, addressed by huge companies


Ad fraud might hit $100B, advertising companies worry


The ad-based business model: Would Facebook change it?

Leave a Reply

Your email address will not be published. Required fields are marked *