If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Newly found unfixable vulnerability in Intel chipsets of the past five years may compromise platform encryption keys
Dateline today & yesterday...
"Most Intel chipsets released in the last five years contain the vulnerability in question." o Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders https://www.ptsecurity.com/ww-en/about/news/unfixable-vulnerability-in-intel-chipsets-threatens-users-and-content-rightsholders/ "An error in chipset read-only memory (ROM) could allow attackers to compromise platform encryption keys and steal sensitive information. "By exploiting vulnerability CVE-2019-0090, a local attacker could extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. Worse still, it is impossible to detect such a key breach. With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, or in other words, pass off an attacker computer as the victim's computer. EPID is used in DRM, financial transactions, and attestation of IoT devices." o Unfixable boot ROM security flaw in millions of Intel chips could spell utter chaos for DRM, file encryption, etc https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/ "It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years. The problem revolves around cryptographic keys that, if obtained, can be used to break the root of trust in a system." o Another unfixable Intel chip flaw could render Apple's FileVault useless https://9to5mac.com/2020/03/06/intel-chip-flaw/ "a completely new issue has been discovered that is unpatchable and could render useless SSD encryption like Apple's FileVault on pre-T1 or T2 Macs" "a brand new chip-level vulnerability has been discovered in Intel chips, which is impossible to patch. This potentially lets an attacker compromise the startup process to gain access to keys used to encrypt the drive" etc. -- Together we can learn far more than anyone of us can by learning alone. |
Ads |
Thread Tools | |
Display Modes | |
|
|