Your encrypted data is not secure on devices that use Intel chips

Reports of security flaws in modern processors have become common. An instructor of a prestigious firm's hacking course, together with other researchers, has revealed a hardware and firmware vulnerability in the read-only memory (ROM) of the Intel Converged Security and Management Engine (CSME) that affects Intel platforms released over roughly the last five years.

If exploited, this vulnerability would allow threat actors to undermine the encryption and other security features that depend on keys held by the CSME, and to install malware for a range of malicious purposes. There are no reports of active exploitation so far, although specialists do not rule out the possibility.

Intel had already disclosed the flaw in May 2019 and announced security patches at that time, adding that its 10th-generation "Ice Point" chips are not vulnerable. According to the hacking course instructors, a threat actor needs physical access to a machine or network to abuse this vulnerability, which makes exploitation somewhat more complex.

The flaw regained attention a few days ago, when a cybersecurity firm published an article on the issue in the Intel CSME ROM. The same firm had collaborated on the initial report of the flaw almost a year earlier. Mark Ermolov, the article's author, says his intention is to emphasize the security risks to which users are exposed because of this flaw.

According to the hacking course instructors, the vulnerability lies in the hardware and firmware of the CSME boot ROM: the ROM code places the page translation directory in static RAM (SRAM) but enables the protection of that memory only later, so for a short window early in boot the SRAM, and the page tables in it, are exposed to tampering. An attacker who wins that race can go on to obtain the user's encryption keys by various methods.

Intel states that its security teams have worked consistently to mitigate the flaw through update patches, the most recent of which was released on February 11, notes the International Institute of Cyber Security (IICS). The company also recommends that customers "ensure the physical integrity of their devices", since physical access is critical to exploiting the vulnerability. One caveat a practitioner should keep in mind: because the vulnerable code sits in ROM, a firmware update cannot remove the flaw from chips already shipped; it can only narrow the window in which the race is exploitable, which is why the physical-access advice matters.
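As an added example, not code from the article or from Intel, the following Python script shows how an administrator of a Linux host can check whether the CSME firmware in use is at or above the minimum level given for their platform in Intel's advisory. It assumes the sysfs attribute `/sys/class/mei/mei0/fw_ver` exposed by the Linux mei driver and its `platform:major.minor.hotfix.build` line format; the sample reading and the minimum versions in the script are constructed for illustration and are not numbers from the article or the advisory.

```python
"""Check the CSME/ME firmware version reported by the Linux mei driver
against a per-generation minimum. Added example, not Intel's tool.

Assumptions (not from the article):
  - the mei driver exposes /sys/class/mei/mei0/fw_ver
  - each line reads "platform:major.minor.hotfix.build"
"""
import os
from typing import Dict, List, Optional, Tuple

FW_VER_PATH = "/sys/class/mei/mei0/fw_ver"  # assumed mei sysfs attribute

# Constructed sample of the attribute's contents, one line per firmware
# component. Not a reading from any real machine.
SAMPLE_FW_VER = "0:12.0.45.1443\n1:12.0.45.1443\n2:12.0.45.1443\n"

Version = Tuple[int, int, int, int]  # (major, minor, hotfix, build)

# Illustrative minimums keyed by CSME major version. Fixed releases differ
# per CSME generation, so a single number cannot be compared across majors.
# Replace these with the values from Intel's advisory for your platform.
EXAMPLE_MINIMUMS: Dict[int, Version] = {
    11: (11, 8, 70, 0),
    12: (12, 0, 45, 0),
    13: (13, 0, 21, 0),
}


def parse_fw_ver(text: str) -> List[Tuple[int, Version]]:
    """Parse fw_ver text into (platform, (major, minor, hotfix, build))."""
    entries: List[Tuple[int, Version]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        platform_str, ver_str = line.split(":", 1)
        parts = ver_str.split(".")
        if len(parts) != 4:
            raise ValueError(f"unexpected version format: {line!r}")
        major, minor, hotfix, build = (int(p) for p in parts)
        entries.append((int(platform_str), (major, minor, hotfix, build)))
    return entries


def read_fw_ver(path: str = FW_VER_PATH) -> Optional[str]:
    """Return the fw_ver text, or None when the attribute is absent."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return f.read()


def check_mitigated(text: str, minimums: Dict[int, Version]) -> Optional[bool]:
    """True if every reported component is at or above the minimum for its
    CSME major version, False if any is below, None if a reported major
    version has no entry in `minimums` (unknown generation: do not guess).
    Tuples compare lexicographically, i.e. major, then minor, hotfix, build."""
    entries = parse_fw_ver(text)
    if not entries:
        return None
    for _, ver in entries:
        minimum = minimums.get(ver[0])
        if minimum is None:
            return None
        if ver < minimum:
            return False
    return True


if __name__ == "__main__":
    text = read_fw_ver()
    source = "sysfs"
    if text is None:
        text = SAMPLE_FW_VER
        source = "constructed sample (no mei device on this host)"
    print(f"{source}: {text.strip().splitlines()}")
    print("at mitigated firmware level:", check_mitigated(text, EXAMPLE_MINIMUMS))
```

A result of `True` only means the mitigation firmware is installed; as noted above, the ROM defect itself remains on the chip, so the physical-access recommendation still applies. A `None` result means the host's CSME generation is not in your table and needs to be looked up rather than assumed safe.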