PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   General XP issues or comments (http://www.pcbanter.net/forumdisplay.php?f=18)
-   -   Newly found unfixable vulnerability in Intel chipsets of the past five years may compromise platform encryption keys (http://www.pcbanter.net/showthread.php?t=1109682)

Arlen Holder[_6_] March 6th 20 06:36 PM
Newly found unfixable vulnerability in Intel chipsets of the past five years may compromise platform encryption keys
 
Dateline today & yesterday...

"Most Intel chipsets released in the last five years contain the
vulnerability in question."

o Positive Technologies: Unfixable vulnerability in Intel chipsets
threatens users and content rightsholders
https://www.ptsecurity.com/ww-en/about/news/unfixable-vulnerability-in-intel-chipsets-threatens-users-and-content-rightsholders/
"An error in chipset read-only memory (ROM) could allow attackers to
compromise platform encryption keys and steal sensitive information.

"By exploiting vulnerability CVE-2019-0090, a local attacker could
extract the chipset key stored on the PCH microchip and obtain access
to data encrypted with the key. Worse still, it is impossible to detect
such a key breach. With the chipset key, attackers can decrypt data
stored on a target computer and even forge its Enhanced Privacy ID
(EPID) attestation, or in other words, pass off an attacker computer
as the victim's computer. EPID is used in DRM, financial transactions,
and attestation of IoT devices."

o Unfixable boot ROM security flaw in millions of Intel chips could
spell utter chaos for DRM, file encryption, etc
https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/
"It cannot be fixed without replacing the silicon, only mitigated,
it is claimed: the design flaw is baked into millions of Intel processor
chipsets manufactured over the past five years. The problem revolves
around cryptographic keys that, if obtained, can be used to break the
root of trust in a system."

o Another unfixable Intel chip flaw could render Apple's FileVault useless
https://9to5mac.com/2020/03/06/intel-chip-flaw/
"a completely new issue has been discovered that is unpatchable
and could render useless SSD encryption like Apple's FileVault
on pre-T1 or T2 Macs"

"a brand new chip-level vulnerability has been discovered in Intel chips,
which is impossible to patch. This potentially lets an attacker
compromise the startup process to gain access to keys used to
encrypt the drive"

etc.
--
Together we can learn far more than anyone of us can by learning alone.


All times are GMT +1. The time now is 09:36 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters