Researchers manage to decrypt Intel's secret CPU code key
Click here to post a comment for Researchers manage to decrypt Intel's secret CPU code key on our message forum
anticupidon
So, in the internet slang, Intel has been pwned so hard.
On a different approach, this is very bad news.
Financial analyst will exploit this news to disrupt Intel's net worth. On enterprise level, this is very inconvenient.
So many devices are running with Intel chips. This opens a new era on hardware hacking as never before. Some nefarious individuals will make sure to develop new tools and pivot from this new breakthrough as they see fit.
Let's see Intel response, maybe they will come up with something.
This is a red letter day.
Kaarme
barbacot
This vulnerability needs physical access to servers/computers in order to be exploited - can't be done remote.
If you are a system administrator and allow unsupervised physical access to your servers/computers you should find yourself another job.
So let's not overreact, it is a vulnerability but not as serious as remote code execution or other kind of vulnerabilities that can be exploited remote.
Aura89
user1
this is generally good news imo, it means that FINALLY microcode can be issued by others than intel, which means that old chips now have the potential to have bugs patched that intel is unwilling to do. it also probably means that the ME can be completely disabled now.
Fox2232
https://software.intel.com/security-software-guidance/secure-coding/loading-microcode-os
gx-x
so, you can hack yourself, again. Unless you hack the code (ME) waiting to be deployed world-wide. If you manage that, well, you will be soon employed in some government.
anticupidon
This is double edged sword.
On one part, freedom partisans will clear out Intel's ME and liberate the platform from obscure code and implementing more code, free code. Open source code. Coreboot and Libreboot projects will flourish.
On the other part, this open the door to malicious people, willing to inject nefarious code into hardware, to control at the highest level a machine.
How to do it and complications to physical acces to a machine is rather trivial, because social engineering is booming today.
Search for OSINT tools and you'll wish to never open an account on social media platforms.
Imagine the scenario: one employee goes with the faulty computer to a repair shop , the code is implemented and running...and the computer goes back to its owner.
Then, the machine connects to some bussines platform. With the code running and without being detected.
gx-x
"
Then, the machine connects to some bussines platform. With the code running and without being detected.
"
Nope. Like all Intel exploits before, for every machine you will need a lot of know-how and it's CPU by CPU, no mass attacking machines, unless you somehow manage to push ME update via M$ or Intel network meaning MB BIOS/UEFI etc.
schmidtbag
anticupidon
Disturbing news, none the less.
I wish Intel to find a solution, a solid and easy to deploy.
Problem is that a huge lot of machines will be left unpatched, so there is where trouble will start.
TieSKey
If an "independent" security firm could, u HAVE TO/MUST assume bigger players have already done it before (every 1st world country) by means of cracking or simply "asking" Intel for the keys.
suty455
toyo
It's been a shitshow with Intel almost constantly since the first Spectre/Meltdown new dropped. Before that it was still all good, Coffee Lake was fresh and had exciting OC capabilities, you could play with the chip by delidding it, competing in everything but the best multicore optimized apps with the first gen Ryzens, at an often lower price.
Things looked fine, not great, but fine.
Fast forward 3 years, and ohhhh boyyyy Intel is in deep trouble. Only their deep pockets can save them, which I hope happens, just like it happened with Core 2 Duo.
What matters is that WE, THE CONSUMERS, win.
Let the corporate scum fight it out.
anticupidon
anticupidon