• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Drama Clickbait Hardware Intel drama: Another vulnerability found, the new chapter

marquimvfs

Member
Jul 25, 2014
212
211
465
31
Brazil
Positive Technologies claim that pretty much every Intel processor released in the last five years has a security flaw baked into the silicon which can’t actually be fixed, although the chip maker is already implemented mitigations. According to the source, the "good" part of the history is that the new security flaw could only be exploited when physically present.

The vulnerability, which is present in Intel’s Converged Security and Management Engine (CSME) – a subsystem inside the CPU which takes care of all manner of important security duties, right from pushing the power button – is not trivial to exploit. According to source, it’s a tricky matter to do so, so we shouldn't wait for mass attacks and malwares being received trough internet.
But it’s still a worrying state of affairs when there’s apparently a security flaw directly in the silicon which isn’t fixable, as it can’t be patched via a firmware update, Positive Technologies observes that this is because the problem is present in the “very early stages of the subsystem’s [CSME’s] operation, in its boot ROM”, and that it’s “impossible to fix firmware errors that are hard-coded in the mask ROM.”
The security firm further notes that Intel has said it’s already aware of the issues here, and understands that it cannot fix the vulnerability in the ROM, so instead it’s attempting to patch all possible attack vectors. But mitigating against every conceivable exploit could obviously be a difficult process. They also warned: “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms … The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
In short, it’s another blow to Intel’s reputation on the security front.

Source:

 
Jan 11, 2020
132
216
330
It never ends with them.
I see it as karma. When AMD didn't have anything to fight against, Intel gouged their customers and stayed complacent.
Now the table has reversed and they're getting fucked by AMD and all of these security vunerabilities.
 

DoctaThompson

Banned
Jan 5, 2020
1,643
2,349
570
Big Caulk County
Big oof. Intel honestly doesn't deserve a break from their stagnancy during the years. If they had just kept up with their shit, AMD wouldn't be killing them in the cpu field. On the other hand... AMD has let Nvidia take everything in the mid and high tier gpu space. Hopefully completion allows better pricing, and bigger pushes to better technology.