Skip to main content

Uh-oh! There’s an unfixable security vulnerability in Intel processors

A security issue that could affect almost all Intel processors released in the last five years has been discovered. Researchers at the security firm Positive Technologies found an error in a system called the Intel Converged Security and Management Engine (CSME), as well as in the hardware of the chips themselves.

The CSME system is used in a large number of processes on the chips, including initial authentication, and is the basis for various hardware security technologies used on Intel chipsets. It may be impossible to fully secure against this vulnerability.

Recommended Videos

“This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” the researchers wrote in a blog post. “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

Please enable Javascript to view this content

Security researcher Mark Ermolov gave more details about the vulnerability in a statement: “The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems. Both vulnerabilities allow extracting users’ encrypted data.

“Here, attackers can obtain the key in many different ways. For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key. In some cases, attackers can intercept the key remotely, provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub.”

Intel has issued a patch to mitigate the issue, which should make it harder for hackers to take advantage of the vulnerability. However, the security issue cannot be completed fixed through software patching. To completely secure against the issue, short of buying a new processor, Positive Technologies recommends disabling Intel CSME-based encryption of data storage devices.

If you are concerned about the security of your Intel chip, there is a page of information and recommendation on Intel’s website that you can check for guidance.

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Intel’s 24-core laptop CPU might outclass desktop i9 processors
A render of Intel's H-series mobile processors.

Intel is pushing laptop CPU core counts to places they've never been before. The company announced its 13th-gen Raptor Lake mobile processors at CES 2023, including the flagship Core i9-13980HX which includes a massive 24 cores that could top the list of the best Intel processors.

That sounds insane considering even AMD's desktop Ryzen 9 7950X only comes with 16 cores. But Intel's cores aren't all built equally. Like the previous generation, 13th-gen mobile Raptor Lake processors include a combination of performance (P) cores and efficient (E) cores. The most powerful chips in the range come with 24 cores, but they're split across eight P-cores and 16 E-cores.

Read more
Intel Raptor Lake CPUs: Everything we know about the 13th-gen processors
Intel Core i5-13600K installed in a motherboard.

Raptor Lake is Intel's 13th generation of processors, and it's one of the most exciting hardware launches of the year. Following up on the momentum it built with its Alder Lake line of CPUs, Intel is looking to retain some of the hard-fought performance crowns. It's got new and stiffer competition, though, in the form of AMD's Ryzen 7000 series of Zen 4 CPUs, which have already impressed for their efficiency and performance.

How will these new CPU lines fair when going head to head? Here's everything you need to know about Raptor Lake.
Pricing and availability

Read more
Intel XeSS is already disappointing, but there’s still hope
Intel XeSS visualized.

Intel's hotly anticipated Xe Supersampling (XeSS) tech is finally here, and a couple weeks before Intel's Arc Alchemist GPUs show up. It's available now in Death Stranding and Shadow of the Tomb Raider, and more games are sure to come. But right now, it's really difficult to recommend turning XeSS on.

Bugs, lacking performance, and poor image quality have sent XeSS off to a rough start. Although there are glimmers of hope (especially with Arc's native usage of XeSS), Intel has a lot of work ahead to get XeSS on the level of competing features from AMD and Nvidia.
Spotty performance

Read more