Categories: News

Analysts discovered a huge hole in Intel’s read-only memory

Security analysts discovered a huge hole in Intel’s read-only memory. Afterwards, they said that nobody can fix it. Moreover, this leaves all Intel’s devices exposed, except Intel’s latest 10th generation devices. The security company Positive Technologies discovered an error in Intel’s boot read-only memory (ROM). As a result, it makes each system with the hole susceptible to hacks.

Mark Ermolov, Positive Technologies’ lead specialist of OS and hardware security said in a blog post that they discovered the vulnerability in the ROM of the Intel Converged Security and Management Engine (CSME). This “jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,”, according to him. And he least of it is that it’s impossible to fix firmware errors, as they are hard-coded in the Mask ROM of microprocessors and chipsets. But “the larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole,” he added.

When the security company contacted Intel, the chip giant said it was aware of the hole.

The CMSE is responsible for the first authentication. Also, it loads and verifies the firmware of intel-based devices. So, this exposes the systems in the boot process. Further on, this means, according to Positive Technologies, that “hardware IDs will be forged, digital content will be extracted and data from encrypted hard disks will be decrypted.

An almost useless update

Although Intel updated a patch last month, Positive Technologies’ experts consider it can not fully fill the hole. They consider that there might be many ways to exploit this vulnerability. One way is that it “might require local access” such as malware. Others might need “physical access” to a computer target in question.

Intel acknowledged that it was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine. So, they said that “an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” Leigh Rosenwald,Intel spokesperson, said in a statement.

As a result, the company recommends keeping systems up-to-date. But the hole in Intel’s read-only memory could give them a hard time

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

3 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

3 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

3 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago