 |
| Intel Chipset Bug Hitting CSME Functionality |
CSME Intel Chipset
Bug: Cyber security researchers have pointed out towards a very critical drawback
currently prevailing within Intel chipset that impacts the CSME functionality.
The drawback is
present within the Converged Security and Management Engine (CSME) of the
Chip-set.
The role of CSME
is of high importance. It uses to control the different functionalities such as
system boots; devices power levels, the firmware, and cryptography functions.
This vulnerability allows consumers breaching CSME, and controls the following
features potentially by inserting malicious codes
- Scaling up Privileges
- Disclose Information
- Cause of Service Denial
Positive Technology
This vulnerability
has been disclosed by the research conducted by “Positive technology” in its
report published on last Thursday. This disclosure
has made it worse for the company when much other vulnerability like Meltdown
and Spectre, and the ZombieLoad are being reported within the last three years.
When deos CSME bug attack on Machines?-Time Lag –Vulnerability
The CSME turns on
first while your machine is being boosted up. Its two processing units are RAM
and ROM. Its primary job is to look after the system’s firmware, so the first responsibility
to protect its memory from hackers attack via malicious codes. Here is the
short gap of time between this process, say a lag in the system, CSME becomes
Vulnerable and its data and memories remain unsafe. This short span of time
(time lag) permits hackers to intercept the system by transferring DMA (Data
Memory Access) to CSME’s Memory and Hijack the controls of the chip.
Cyber Security
Scientists are considering this vulnerability unfixable and put a strong dent
on Intel’s integrity and reputation. This bug has attacked like an atom bomb on
the roots of trust that company has built as strong security provider. Attackers
can use this bug both physically, stealing the machine, and by sending a
malware.
However, the exploiting
system through this bug or flaw is an extremely a hard job. Mostly Hackers need
physical access to the devices along with the highly sophisticated and specialized
hardware equipment to control the CSME of Intel chipset.
Protection against CSME Bug or Vulnerability
Unfortunately, No
system is free of drawbacks and risks. Intel is using its par excellence expertise
to secure its roots of trust. In May
2019 Intel has patched this vulnerability in Intel CPU that impacts its roots
of trust by releasing Intel-SA-00213 security updates. Intel has informed about
this drawback and thus advised its consumers to update their systems with the latest
version. Security experts also recommend
that replace all the devices operating sensitive operation with the latest
version that are not affected by this vulnerability or bug. End user should take measures to keep
physical possession of their devices more secure. Only the 10thgeneration of Intel Chipset is not impacted by this bug, researchers said. Intel recommends
end users contact your system or motherboard manufacturers to get latest updates
about the firmware or Bios that are impacted by this bug. Intel has no concern
over this issue for other manufacturers, and does not provide any updates.
Want to read about
Krook vulnerability, then click here.