Intel has created revolutionary CPUs throughout the years, each more powerful and cost-efficient than the previous one. However, early this year, experts discovered a deadly security flaw in an entire generation of Intel’s CPUs. And unlike normal vulnerabilities, this can’t be solved with a simple patch.
What is it?
The flaw is ingrained at the bottom of the Converged Security and Management Engine or CSME. CSME is the engine responsible for most of your CPU’s hardware security. Since CSME is supposed to be the mother of security for most components, it’s embedded into the 10th gen CPU hardware to prevent tampering. As such, changes can’t be made after the chips have been manufactured.
CPUs of multifaceted devices such as computers have sensitive PCB areas that are susceptible to fabrication failures and other issues. The higher the overall cost of the device, the more vulnerable the parts. Unfortunately for Intel, this meant their latest 10th gen CPU chips and the flaw leaves them open to hardware attacks. Malicious entities are able to extract one “hardware key”—a type of shield that’s used to protect the Chipset Key—and use it on any Intel-powered device released in the last five years.
Since it’ll be targeting the physical system itself, bugs and virus release through this method won’t be detected by traditional antivirus systems and firewalls.
What can I do to protect myself?
If you bought a computer within the last five years, then chances are that it holds this fatal back door. Intel released several firmware patches in the past few months to mitigate some of the issues, but it only closes one exploit vector. Hackers can always make more “keys” and use those to get into the device. Still, if you haven’t been updating your computer recently, it’s good practice to continue doing so.
Next, since it’s a hardware flaw, hackers will only really get to it when they gain local access to your device. If you’re using a LAN cable for internet connection, for example, ensure that your modem and router are protected by the best security features available. Today, this comes in the form of WPA3. Aside from individualized data encryption, it also includes a 192-bit security suite and added protection against brute-force attacks.
Additionally, if you’re sending in your device for repairs, make sure that it’s always in a trusted service provider, if not the official service center.
Is there hope to fully beat the CSME vulnerability?
While no solution for it has been found, cybersecurity professionals are banding together to understand it better. In fact, Positive Technologies released a white paper last spring to help researchers to dig deeper into the vulnerability. Little has been found about the flaw today, but people are positive that a viable countermeasure is just around the corner. For now, stay vigilant and update your systems regularly.