A bug affecting most Intel CPUs released in the last five years cannot be fully fixed via a patch, according to a report released today by security researchers at Positive Technologies.
The problem lies in the Converged Security and Management Engine (CSME) in Intel CPUs prior to the new 10th Gen chips. Intel attempted to address the problem as part of a firmware patch last year, but according to the researchers, there is no way for the company to completely fix the vulnerability.
- Intel 'fixes' Zombieload for third time—the CPU flaw that won't die
- Best Laptops in 2020
- Best Laptop Deals in March 2020
The CSME is a "Root of Trust" for the rest of the security on the platform, meaning that the system relies on it as a trusted source of cryptographic security. Because the flaw is in the bootROM of CSME it cannot be changed after manufacturing.
The flaw leaves affected systems potentially open to local or physical access attacks, which would be non-destructive and not detectable once completed. While Intel has some recommendations on how to mitigate the problem, the only real "fix" is to upgrade to a 10th generation or later CPU on your desktop or to buy a new laptop.
Positive Technologies says the next step for those looking to exploit the vulnerability will be to extract the hardware key, which encrypts the Chipset Key, or a single key used across the entire generation of Intel CPUs. I'll let the security researchers' quote regarding that eventuality speak for itself: "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
One community that will welcome this news are those looking to bypass DRM and copyright-protected content; The flaw could be a boon for pesky software and digital content pirates.
A full-length white paper will be published by Positive Technologies soon, offering a more complete technical explanation of the vulnerability.