Researchers have unearthed a serious flaw in Intel-branded chipsets from the last five years that could allow cyber crooks to bypass encryption codes and silently install malware, like keyloggers that store everything you type on your keyboards – including passwords. And worst of all? The security team from Positive Technologies believe there’s no way to fix the issue in the Intel silicon that is already powering millions of Windows 10, iMac, MacBook and Chromebooks across the globe.
The vulnerability is hard-coded in the boot ROM, which leaves millions of devices worldwide that use Intel architecture to serious industrial espionage and leaks of sensitive information. Worryingly, the researchers claim that it’s impossible to detect when espionage takes place on your machine. So, you might never know that cyber criminals have stolen sensitive information from your personal computer or business.
Thankfully, there are ways to prevent these types of attack.
Threat analysis firm Positive Technologies says hackers would need access to the same local network used by the target device. Either that, or the crooks would need to get their hands on the machine itself. That limits the probability of an attack slightly.
Next major WhatsApp update is designed to keep your texts, photos safe from hackers
The researchers also noted that using an encrypted chipset key inside the one-time programmable (OTP) memory would also provide a barrier to attack. However, the unit that initiates the encryption is still open to attack itself. That’s what makes this such a concerning flaw.
In a report about the hugely widespread vulnerability, the researchers stated: “Since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism … is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this [encryption] key is only a matter of time.
“When this happens, utter chaos will reign.”
If your computer is powered by Intel’s most recent line of chips, the 10th generation processors, you’re not vulnerable to the threat – so no need to panic. If you’re unsure of the version of the Intel chipsets, the manufacturer of your machine will have the details on their website.
Intel acknowledged that it was aware of the issues last year. Since then, it has released a patch designed to address the problem. However, Positive Technologies researchers claim the software update only partially solves the issue. A spokesman for the US chipset manufacturer explained that they cannot secure hardcoded ROM in existing computers – so the only way to keep users safe if to create patches that quarantine potential targets for attack within the system.
The latest crisis comes at a time of increasingly fierce competition with AMD, developer of the popular Ryzen chip. Apple is believed to be developing its own chipsets to power future MacBook models. By designing its own chip architecture – as it already does with its iPhone, iPad and Apple Watch – the company is able to tailor the requirements to exactly what is needed to power its own operating system.