Search This Blog

Showing posts with label Intel Security. Show all posts

Intel Chips Now Exploitable? Sensitive Data Could Be Compromised By Reducing Chips' Voltage!



Hackers can now allegedly, exploit Intel chips via voltage alterations which could lead to a messed up flow of electricity only to weaken the security mechanisms of the chips.

Two research teams from Europe and America had realized that this disruption in the voltage could cause sensitive information stored on the Intel chips to leak using the “Secure Guard Extensions” feature.

The researchers were asked to keep these facts concealed for the last half-year. Intel then sent out updates of its firmware to thwart any possibilities of attack.

“Plundervolt”, per source is the technique named by the researchers which comprises of planting malicious software on the target device to temporarily reduce the voltage of its electrical flow to the Intel chip.

The drop in voltage referred to as “undervolting” generally lets genuine users to conserve power when not needed and to vary the voltage to “overclock” the processor for more strenuous tasks.

But reportedly, by transitorily “undervolting” a processor and timing it accordingly could easily aid a hacker to make the chip dance to their tunes and falter, in turn revealing sensitive data stored within the “SGX enclave”.

Per the researchers, the CPU voltage when reduced could cause a “computation” error in the Intel chips. A “bit-flip” or a “fault injection” in the chips can change a “zero” to “one” on the SGX enclave.

In these potentially exploitable chips, if cryptographic computations are done, the “secret key” could be easily discover-able. The entire chip’s security would become times weaker, leading the data to decipher easily.

The attack in question is undoubtedly not easy to execute. It requires the target computer to already have the malware installed on it by the attacker. The SGS feature of Intel which was vastly advertised as corruption and threat proof in terms of sensitive data. This attack happens to present a startling position of compromise.

ARM Chips other than Intel’s were also experimented upon by artificially fluctuating their voltage much like “Plundervolt” to destabilize the security of the processors.

Intel chips haven’t always had a good record in ensuring security if the processors. Per reports, previous attacks “Spectre” and “Foreshadow” also abused the “speculative execution feature” of the chips way before the patched were released.

“Return-oriented programming” is another technique that could be used to exploit the chips which could make an “already planted” malware invisible to the anti-virus software.

Intel though, did send out an update for its Chips’ firmware which helps the user to freeze the voltage settings to cancel out any further possibilities of the above-mentioned attack.

Although, the way of counteracting the issue of “over-clocking” and the details as to the elaborate details of the update haven’t been sent out by Intel, yet. All that could be said is that keep the processors well updates and all patched up.

Multiple New Spectre CPU Flaws Revealed


According to a report by C’T magazine, researchers have found several data-leaking Spectre CPU vulnerabilities in Intel chips, which they are calling “Spectre Next Generation” or Spectre-NG.

There are reportedly eight new CVE-listed vulnerabilities, which Intel has not confirmed for now. The company, however, has confirmed the reservation of Common Vulnerabilities and Exposures (CVE) numbers, which is part of the investigation and mitigation of possible issues.

"So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable," the report read.

According to the report, further research is also underway on whether the “closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps,” and to what extent.

The report also says that Intel is already working on its own patches for Spectre-NG and others in cooperation with the operating system manufacturers.

The company is reportedly planning on two waves of patches: first in May and another in August.

“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date,” Leslie Culbertson, Executive Vice President and General Manager of Product Assurance and Security at Intel Corporation, said in a statement on Thursday, addressing questions regarding security issues.

New Intel Security Flaw Detected

F-Secure, a Finnish cybersecurity firm revealed on Friday that it has discovered another security flaw in the Intel hardware. This flaw could enable hackers to access corporate laptops remotely.

Earlier it was revealed that the Intel chip had flaws that made almost every smartphone, laptop, or tablets vulnerable to hackers. This flaw is allegedly unrelated to Spectre and Meltdown but is rather an issue within Intel Active Management Technology (AMT).

According to F-Secure, AMT is commonly found in most corporate laptops and the flaw will allow an attacker to take complete control over a user's device in a matter of seconds.

“The issue potentially affects millions of laptops globally," the cybersecurity firm said.

The hacker would need physical access to the device at first but once they had re-configured the AMT, they would be able to effectively “backdoor” the machine and access the device using a remote server, just by connecting to the same network as the user.

There is also a possibility that the hacker would be able to programme the AMT to their own server, thus bypassing the need to connect to the user’s network.

The hacker will be able to access all information on the device after exploiting the flaw and will be able to make changes, download malware, etc. quite easily. No solutions or security measures have been found as yet, other than choosing a strong AMT password or disabling the AMT completely.

McAfee Antivirus will be rebranded as Intel Security

Intel has decided to say Good bye to the McAfee brand name for its security software, the McAfee Security will be renamed "Intel Security".

The rebranding will begin immediately, but the company estimates it will take a year to complete.  The red McAfee shield logo will remain.

Along with the rebranding, Intel is offering the mobile version of McAfee's security solutions for free to use on iOS and Android devices.

The controversial founder of McAfee company, John McAfee told BBC that he was elated by the name change. 

"I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet. These are not my words, but the words of millions of irate users." he said.