The experts of the Russian company Positive Technologies found a vulnerability in Intel processors. An error allowing hacking a computer was detected on chipsets released over the past five years. This was reported in the press release of the company, received by the editors of Generatorresearch.com.
Attackers could compromise computer encryption keys by exploiting vulnerability CVE-2019-0090. Hackers have the ability to extract the root key of the platform, gain access to the data encrypted on the device and pass their PC to the victim’s computer. In this case, the attackers compromise the Enhanced Privacy ID algorithm, which is used, in particular, to ensure the safety of bank transactions.
Also, a fatal vulnerability can be used to bypass common information protection technologies, for example, illegal copying of content. Positive Technologies expert Mark Ermolov said that there are a lot of key extraction scenarios. “An unscrupulous supplier, a specialist of a service organization, or an employee of your company can intercept a key if they got physical access to a PC,” Yermolov said.
Experts noted that this error is present in most Intel chipsets released over the past five years. Since it allows you to organize code execution at the zero level of Intel CSME privileges, it is impossible to eliminate this error by updating the firmware.
Intel responded to the problem and encouraged users to update the software in a timely manner. Engineers advised owners of devices based on Intel technology to contact the manufacturer of the equipment for recommendations and updates. Positive Technologies experts also suggested disabling media encryption technology using the Intel CSME subsystem, or replacing the processor with an Intel chipset of the tenth series or higher.
The Russian company compared this vulnerability with the Bootrom error found in the fall of 2019. The Checkm8 tool allows you to access the iPhone at the system level, the hacking process occurs during the boot of the device. The vulnerability is unrecoverable and affects all iPhones released from 2011 to 2017. However, to exploit the vulnerability, an attacker needs physical access to the device.