New York (The Verge) — A major new Intel processor flaw could defeat encryption and DRM protections trib.al/h8Aw9AE.
Security researchers have discovered another major Intel processor security vulnerability. It could allow attackers to install keyloggers at the hardware level, or defeat encryption and DRM protections.
Security firm Positive Technologies discovered the flaw, and is warning that it could break apart a chain of trust for important technology like silicon-based encryption, hardware authentication, and modern DRM protections. “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” explains security researcher Mark Ermolov.
The root of the flaw is Intel’s Converged Security Management Engine (CSME), the part of Intel’s chips that’s responsible for securing all firmware that runs on Intel-powered machines. Intel has previously patched vulnerabilities in the CSME, but the researchers warn the CSME firmware is unprotected early on when a system boots so it’s still vulnerable to attacks. — Tom Warren/@verge