Intel processors' unfixable security flaw

Bradley Prior

Bradley Prior

MyBroadband Journalist
Staff member
Super Moderator
Joined
Oct 16, 2018
Messages
5,007
Reaction score
1,580
Intel processors' unfixable security flaw

Security firm Positive Technologies has discovered a vulnerability in Intel's processors launched within the past five years which allows malicious parties to extract the chipset key and obtain access to user data.

Such a breach is impossible to detect, the security firm said.
 
Fortunately I never buy the latest and greatest anything...my T420 with Core i5-2520M dual-core processor came out a while b4 2014.

Tend to wait for all the impulsive, wannabe's, got to have latest greatest buyers to guinea pig themselves and then follow wisely.
Call it a few decades of 'puter experience.
 
MirageF1 said:
Fortunately I never buy the latest and greatest anything...my T420 with Core i5-2520M dual-core processor came out a while b4 2014.

Tend to wait for all the impulsive, wannabe's, got to have latest greatest buyers to guinea pig themselves and then follow wisely.
Call it a few decades of 'puter experience.
Click to expand...

Nah, you just poor :p or don't replace what's working well.
 
The Intel advisory on this is at: https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html

Ars has a bit more information: https://arstechnica.com/information...psets-have-a-concerning-flaw-thats-unfixable/

They include the following comment.

Exploiting the vulnerability—particularly reading the chipset key—would be a major technical feat that would require specialized gear and years of experience with firmware. Still, the flaw poses a serious threat on unpatched systems and may still be exploitable even on computers that have received updates that computer makers released last year to make exploitation harder.


“While a potential exploit for this issue appears to be fairly complicated, involving multi-stage chain compromising ISH or other firmware [and] then mounting a DMA [direct memory access] attack against CSME, the impact is very broad, and the issue cannot be patched via firmware update because it's in the mask ROM,” Yuriy Bulygin, CEO of Eclypsium, a firm that specializes in the security of firmware, said in an interview.
Click to expand...
 
So not much of a vulnerability. Just disable DRM.
 
EPID is used in DRM
...
can also exploit the vulnerability on their own computers to bypass content DRM...
Click to expand...
Does this mean that Widevine DRM can be bypassed and is broken?
 
MirageF1 said:
What the F for exactly


Neither poor...nor stinking rich.

But even if i was Gates' nephew I wouldn't buy anything just released. Not just technology. Anything.

Call it XP and a sliver of wisdom.
Click to expand...

Just released? 5 years ago? It's not like it was a CPU released last week, it's been effecting ones from 2015.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X