Critical Intel CPU flaw affects millions of laptops — and it's unpatchable
Intel security flaw has far-reaching ramifications
A bug affecting most Intel CPUs released in the last five years cannot be fully fixed via a patch, according to a report released today by security researchers at Positive Technologies.
The problem lies in the Converged Security and Management Engine (CSME) in Intel CPUs prior to the new 10th Gen chips. Intel attempted to address the problem as part of a firmware patch last year, but according to the researchers, there is no way for the company to completely fix the vulnerability.
- Intel 'fixes' Zombieload for third time—the CPU flaw that won't die
- Best Laptops in 2020
- Best Laptop Deals in March 2020
The CSME is a "Root of Trust" for the rest of the security on the platform, meaning that the system relies on it as a trusted source of cryptographic security. Because the flaw is in the bootROM of CSME it cannot be changed after manufacturing.
The flaw leaves affected systems potentially open to local or physical access attacks, which would be non-destructive and not detectable once completed. While Intel has some recommendations on how to mitigate the problem, the only real "fix" is to upgrade to a 10th generation or later CPU on your desktop or to buy a new laptop.
Positive Technologies says the next step for those looking to exploit the vulnerability will be to extract the hardware key, which encrypts the Chipset Key, or a single key used across the entire generation of Intel CPUs. I'll let the security researchers' quote regarding that eventuality speak for itself: "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
One community that will welcome this news are those looking to bypass DRM and copyright-protected content; The flaw could be a boon for pesky software and digital content pirates.
A full-length white paper will be published by Positive Technologies soon, offering a more complete technical explanation of the vulnerability.
Stay in the know with Laptop Mag
Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.
Sean Riley has been covering tech professionally for over a decade now. Most of that time was as a freelancer covering varied topics including phones, wearables, tablets, smart home devices, laptops, AR, VR, mobile payments, fintech, and more. Sean is the resident mobile expert at Laptop Mag, specializing in phones and wearables, you'll find plenty of news, reviews, how-to, and opinion pieces on these subjects from him here. But Laptop Mag has also proven a perfect fit for that broad range of interests with reviews and news on the latest laptops, VR games, and computer accessories along with coverage on everything from NFTs to cybersecurity and more.