{"id":5795,"date":"2020-10-02T08:00:31","date_gmt":"2020-10-02T02:30:31","guid":{"rendered":"https:\/\/www.upnxtblog.com\/?p=5795"},"modified":"2020-10-01T20:58:58","modified_gmt":"2020-10-01T15:28:58","slug":"the-unpatchable-intel-cpu-flaw","status":"publish","type":"post","link":"https:\/\/www.upnxtblog.com\/index.php\/2020\/10\/02\/the-unpatchable-intel-cpu-flaw\/","title":{"rendered":"The Unpatchable Intel CPU Flaw"},"content":{"rendered":"<div class='booster-block booster-read-block'><\/div><p>Intel has created revolutionary CPUs throughout the years, each more powerful and cost-efficient than the previous one. However, early this year, experts discovered a deadly security flaw in an entire generation of Intel\u2019s CPUs. And unlike normal vulnerabilities, this can\u2019t be solved with a simple patch.<\/p>\n<h2>What is it?<\/h2>\n<p>The flaw is ingrained at the bottom of the Converged Security and Management Engine or CSME. CSME is the engine responsible for most of your CPU\u2019s hardware security. Since CSME is supposed to be the <a href=\"https:\/\/www.zdnet.com\/article\/intel-warns-of-critical-security-flaw-in-csme-engine\/\" target=\"_blank\" rel=\"noopener\">mother of security<\/a>\u00a0for most components, it\u2019s embedded into the 10th gen CPU hardware to prevent tampering. As such, changes can\u2019t be made after the chips have been manufactured.<\/p>\n<p>CPUs of multifaceted devices such as computers have\u00a0<a href=\"https:\/\/www.altium.com\/solution\/area-sensitive-part-of-the-board\" target=\"_blank\" rel=\"noopener\">sensitive PCB areas<\/a>\u00a0that are susceptible to fabrication failures and other issues. The higher the overall cost of the device, the more vulnerable the parts. Unfortunately for Intel, this meant their latest 10th gen CPU chips and the flaw leaves them open to hardware attacks. Malicious entities are able to extract one \u201chardware key\u201d\u2014a type of shield that\u2019s used to protect the Chipset Key\u2014and use it on any Intel-powered device released in the last five years.<\/p>\n<p>Since it\u2019ll be targeting the physical system itself, bugs and virus release through this method won\u2019t be detected by traditional antivirus systems and firewalls.<\/p>\n<h2>What can I do to protect myself?<\/h2>\n<p>If you bought a computer within the last five years, then chances are that it holds this fatal back door. Intel released <a href=\"https:\/\/threatpost.com\/intel-patches-high-severity-flaw-in-security-engine\/152794\/\" target=\"_blank\" rel=\"noopener\">several firmware patches<\/a>\u00a0in the past few months to mitigate some of the issues, but it only closes one exploit vector. Hackers can always make more \u201ckeys\u201d and use those to get into the device. Still, if you haven\u2019t been updating your computer recently, it\u2019s good practice to continue doing so.<\/p>\n<p>Next, since it\u2019s a hardware flaw, hackers will only really get to it when they gain local access to your device. If you\u2019re using a LAN cable for internet connection, for example, ensure that your modem and router are protected by the\u00a0<a href=\"https:\/\/www.upnxtblog.com\/index.php\/2018\/03\/09\/wpa3-new-wi-fi-security-standard-with-more-security-features\/\">best security features<\/a>\u00a0available. Today, this comes in the form of WPA3. Aside from individualized data encryption, it also includes a 192-bit security suite and added protection against brute-force attacks.<\/p>\n<p>Additionally, if you\u2019re sending in your device for repairs, make sure that it\u2019s always in a trusted service provider, if not the official service center.<\/p>\n<h2>Is there hope to fully beat the CSME vulnerability?<\/h2>\n<p>While no solution for it has been found, cybersecurity professionals are banding together to understand it better. In fact, Positive Technologies released a <a href=\"https:\/\/www.theverge.com\/2020\/3\/6\/21167782\/intel-processor-flaw-root-of-trust-csme-security-vulnerability\" target=\"_blank\" rel=\"noopener\">white paper<\/a>\u00a0last spring to help researchers to dig deeper into the vulnerability. Little has been found about the flaw today, but people are positive that a viable countermeasure is just around the corner. For now, stay vigilant and update your systems regularly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intel has created revolutionary CPUs throughout the years, each more powerful and cost-efficient than the previous one. However, early this year, experts discovered a deadly security flaw in an entire generation of Intel\u2019s CPUs. And unlike normal vulnerabilities, this can\u2019t be solved with a simple patch. What is it? The flaw is ingrained at the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[10],"class_list":["post-5795","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trending","tag-intel"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2019\/03\/cloud-3998880_1920.jpg?fit=1920%2C1037&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9fbQS-1vt","jetpack-related-posts":[{"id":4068,"url":"https:\/\/www.upnxtblog.com\/index.php\/2019\/08\/02\/why-you-should-use-deep-learning-containers\/","url_meta":{"origin":5795,"position":0},"title":"Why Should You Use Deep Learning Containers?","author":"Karthik","date":"August 2, 2019","format":false,"excerpt":"In contrast to traditional machine learning, Deep learning tries to simulate how our brains learn and process information by generating artificial \"neural networks\" that can extract complex data ideas and interactions. Deep learning models enhance in order to generate more precise ideas and predictions through complicated pattern recognition in images,\u2026","rel":"","context":"In &quot;Machine Learning Guides&quot;","block_context":{"text":"Machine Learning Guides","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/machine-learning\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/11\/stock-photo-d-rendering-robot-learning-or-solving-problems-680929729.jpg?fit=1200%2C881&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/11\/stock-photo-d-rendering-robot-learning-or-solving-problems-680929729.jpg?fit=1200%2C881&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/11\/stock-photo-d-rendering-robot-learning-or-solving-problems-680929729.jpg?fit=1200%2C881&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/11\/stock-photo-d-rendering-robot-learning-or-solving-problems-680929729.jpg?fit=1200%2C881&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/11\/stock-photo-d-rendering-robot-learning-or-solving-problems-680929729.jpg?fit=1200%2C881&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":6270,"url":"https:\/\/www.upnxtblog.com\/index.php\/2021\/06\/01\/how-to-build-digital-twin-using-eclipse-ditto\/","url_meta":{"origin":5795,"position":1},"title":"How to build Digital Twin using Eclipse Ditto?","author":"Karthik","date":"June 1, 2021","format":false,"excerpt":"Digital Twins technology brings the exact replica in digital format of a process, a product, or a service. Basically, it takes real-world data about a physical object or system as inputs and produces outputs in the form of predictions or simulations of how that physical object or system will be\u2026","rel":"","context":"In &quot;IOT&quot;","block_context":{"text":"IOT","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/iot\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/05\/Picture3.png?fit=1002%2C553&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/05\/Picture3.png?fit=1002%2C553&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/05\/Picture3.png?fit=1002%2C553&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/05\/Picture3.png?fit=1002%2C553&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":6092,"url":"https:\/\/www.upnxtblog.com\/index.php\/2021\/04\/13\/the-perfect-pair-digital-twins-and-predictive-maintenance\/","url_meta":{"origin":5795,"position":2},"title":"The Perfect Pair: Digital Twins and Predictive Maintenance","author":"Karthik","date":"April 13, 2021","format":false,"excerpt":"Why Predictive Maintenance Now? Every business needs their essential equipment to operate at peak efficiency and utilization to realize their return on capital investments. This equipment could range from aircraft engines, turbines, elevators, or industrial chillers that cost millions to purchase. For maintenance of this equipment, businesses follow the approaches\u2026","rel":"","context":"In &quot;IOT&quot;","block_context":{"text":"IOT","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/iot\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/04\/1Figure-3-Gartner-Top-10-Strategic-Trends-for-2019-Features-Digital-Twins-1615203844731.jpg?fit=763%2C1200&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/04\/1Figure-3-Gartner-Top-10-Strategic-Trends-for-2019-Features-Digital-Twins-1615203844731.jpg?fit=763%2C1200&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/04\/1Figure-3-Gartner-Top-10-Strategic-Trends-for-2019-Features-Digital-Twins-1615203844731.jpg?fit=763%2C1200&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2021\/04\/1Figure-3-Gartner-Top-10-Strategic-Trends-for-2019-Features-Digital-Twins-1615203844731.jpg?fit=763%2C1200&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":470,"url":"https:\/\/www.upnxtblog.com\/index.php\/2017\/09\/20\/5-things-know-new-intel-optane-memory-acceleration\/","url_meta":{"origin":5795,"position":3},"title":"5 things you should know about new Intel Optane Memory acceleration","author":"Karthik","date":"September 20, 2017","format":false,"excerpt":"Intel Optane technology provides an unparalleled combination of high throughput, low latency, high quality of service, and high endurance. Intel Optane memory is a system acceleration solution for new 7th Gen Intel processor\u00a0platforms. By placing this new memory media between the processor and slower SATA-based\u00a0storage devices (HDD, SSHD or SATA\u2026","rel":"","context":"In &quot;Trending&quot;","block_context":{"text":"Trending","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/trending\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5757,"url":"https:\/\/www.upnxtblog.com\/index.php\/2020\/10\/13\/10-best-practices-worth-implementing-to-adopt-kubernetes\/","url_meta":{"origin":5795,"position":4},"title":"Kubernetes Adoption in 2024: Key Statistics","author":"Karthik","date":"October 13, 2020","format":false,"excerpt":"We already know that\u00a0Kubernetes is the No. 1 orchestration platform for container-based applications, automating the deployment and scaling of these apps, and streamlining maintenance operations. However, Kubernetes comes with its own complexity challenges. So how can an enterprise take advantage of containerization to tackle complexity and not end up with\u2026","rel":"","context":"In &quot;Kubernetes Guides&quot;","block_context":{"text":"Kubernetes Guides","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/kubernetes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2020\/10\/Big-Idea.jpg?fit=770%2C330&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2020\/10\/Big-Idea.jpg?fit=770%2C330&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2020\/10\/Big-Idea.jpg?fit=770%2C330&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2020\/10\/Big-Idea.jpg?fit=770%2C330&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":745,"url":"https:\/\/www.upnxtblog.com\/index.php\/2017\/10\/20\/weekly-roundup-16oct-20oct\/","url_meta":{"origin":5795,"position":5},"title":"Weekly Roundup (16\/Oct-20\/Oct)","author":"Karthik","date":"October 20, 2017","format":false,"excerpt":"Here's roundup of news happened this week. NEWS Researchers revealed details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points. The exploit, as first reported by Ars Technica, takes advantage of several key\u2026","rel":"","context":"In &quot;Trending&quot;","block_context":{"text":"Trending","link":"https:\/\/www.upnxtblog.com\/index.php\/category\/trending\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.upnxtblog.com\/wp-content\/uploads\/2017\/10\/153r95.jpg?fit=478%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/posts\/5795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=5795"}],"version-history":[{"count":1,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/posts\/5795\/revisions"}],"predecessor-version":[{"id":5796,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/posts\/5795\/revisions\/5796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/media\/3674"}],"wp:attachment":[{"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=5795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=5795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.upnxtblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=5795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}