Intel processors' unfixable security flaw

Bradley Prior

MyBroadband Journalist
Staff member
Super Moderator
Joined
Oct 16, 2018
Messages
3,035
Intel processors' unfixable security flaw

Security firm Positive Technologies has discovered a vulnerability in Intel's processors launched within the past five years which allows malicious parties to extract the chipset key and obtain access to user data.

Such a breach is impossible to detect, the security firm said.
 

MirageF1

Executive Member
Joined
Jun 29, 2018
Messages
5,389
Fortunately I never buy the latest and greatest anything...my T420 with Core i5-2520M dual-core processor came out a while b4 2014.

Tend to wait for all the impulsive, wannabe's, got to have latest greatest buyers to guinea pig themselves and then follow wisely.
Call it a few decades of 'puter experience.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
51,496
Fortunately I never buy the latest and greatest anything...my T420 with Core i5-2520M dual-core processor came out a while b4 2014.

Tend to wait for all the impulsive, wannabe's, got to have latest greatest buyers to guinea pig themselves and then follow wisely.
Call it a few decades of 'puter experience.
Nah, you just poor :p or don't replace what's working well.
 

garyc

Expert Member
Joined
Jun 30, 2010
Messages
2,726
The Intel advisory on this is at: https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html

Ars has a bit more information: https://arstechnica.com/information...psets-have-a-concerning-flaw-thats-unfixable/

They include the following comment.

Exploiting the vulnerability—particularly reading the chipset key—would be a major technical feat that would require specialized gear and years of experience with firmware. Still, the flaw poses a serious threat on unpatched systems and may still be exploitable even on computers that have received updates that computer makers released last year to make exploitation harder.


“While a potential exploit for this issue appears to be fairly complicated, involving multi-stage chain compromising ISH or other firmware [and] then mounting a DMA [direct memory access] attack against CSME, the impact is very broad, and the issue cannot be patched via firmware update because it's in the mask ROM,” Yuriy Bulygin, CEO of Eclypsium, a firm that specializes in the security of firmware, said in an interview.
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
24,231
So not much of a vulnerability. Just disable DRM.
 

system32

Expert Member
Joined
Dec 29, 2009
Messages
3,269
EPID is used in DRM
...
can also exploit the vulnerability on their own computers to bypass content DRM...
Does this mean that Widevine DRM can be bypassed and is broken?
 

Lupus

Honorary Master
Joined
Apr 25, 2006
Messages
23,303
What the F for exactly


Neither poor...nor stinking rich.

But even if i was Gates' nephew I wouldn't buy anything just released. Not just technology. Anything.

Call it XP and a sliver of wisdom.
Just released? 5 years ago? It's not like it was a CPU released last week, it's been effecting ones from 2015.
 
Top