Intel chips released in the last five years contain a serious hardware security flaw that would allow hackers to bypass encryption.

A software patch will not be enough to solve the problem permanently. Instead, an upgrade to a next-generation Intel chip and an audit of existing hardware is recommended.

This type of vulnerability can be compared with a backdoor in encryption.

Visit the BGR homepage for more stories.

Intelligence agencies and the technology sector have been discussing encryption for some years. The spy agencies and the police want to be able to break the encryption with the help of large technology companies to access confidential data from devices belonging to suspects. At the same time, some of them fear hackers, especially those from other nation-states, and agree that encryption is necessary both at the hardware and software level. But officials from several governments around the world would like secret passwords that can access chats, emails and encrypted calls. And they want those keys to be safe to handle. It is an impossible dream right now, and the latest Intel chip failure is proof of that.

The researchers discovered a flaw in Intel chips that opens encrypted data to hackers. It is a completely new security issue, different from the vulnerabilities discovered a few years ago that affected Intel, AMD and ARM chips; by the way, those failures were fixed by software updates.

%MINIFYHTML13f28c1d58dacb0101fbed2d50c0115311% %MINIFYHTML13f28c1d58dacb0101fbed2d50c0115312%

The new defect should not be a concern for most people. Hacks are not necessarily easy to perform, according to researchers at Positive security. But if you rely on encrypted hardware to protect confidential information, someone who could be the goal of a nation-state or an executive of a company that is about to announce an innovative innovation, pay attention. Someone can try to steal data from your computer.

With enough time and resources, someone could decipher their Intel-based laptop without your knowledge. Intel chips from the last five years were shipped with this vulnerability, and Intel cannot do anything about it. Anyone able to access it could hack the latest MacBook Pro decrypting its encryption.

The flaw allows attackers to hack the computer encryption process and then gain access to everything on board.

"For example, they can extract it from a lost or stolen laptop to decrypt sensitive data," said Mark Ermolov, Senior OS and Hardware Security Specialist in Positive Technologies. “Suppliers, contractors or even unscrupulous employees with physical access to the computer can get the key. In some cases, attackers can intercept the key remotely as long as they have gained local access to a target PC as part of a multi-stage attack, or if the manufacturer allows remote firmware updates of internal devices, such as the Intel Integrated Sensor Hub ".

Because it is a read-only memory (ROM) failure, Intel cannot offer a permanent solution. All you can do is buy a new device with another chip or replace your processor with a new Intel processor that does not have the same defect. That is the recommendation of positive technologies, at least. If you suspect that you may have been attacked by hackers, you may also want your device inspected:

Since it is impossible to completely correct the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling the encryption of data storage devices based on Intel CSME or consider migration to Intel CPUs of the tenth generation or later. In this context, the retrospective detection of infrastructure commitment with the help of traffic analysis systems such as PT Network Attack Discovery becomes equally important.

Intel has a patch for the problem that should make it harder to exploit. But, once again, this is not a permanent solution, and ingenious hackers will probably find ways to avoid it.

Now, imagine that technology companies installed backdoors on their devices and / or software to comply with requests from law enforcement to access user data. By the time these backdoors are discovered, anyone could hack encrypted devices with ease. Security vulnerabilities in the software, such as a backdoor, could be patched, of course. But once word spreads that a company is building backdoors in its products, each dedicated hacker will continue to look for security issues in all future products of those companies, regardless of software updates, in search of a new door. rear

Image source: Intel