720-891-1663
Intel has a computer inside your computer that manages the computer under the cover. It used to be called the Intel Management Engine. It has had some security issues in the past, but they have all been patchable. A few years ago, Intel integrated some security features into it (the TPM for you geeks) and now they call it the Converged Security and Management Engine (CSME).
The bug affects all Intel CPUs made in the last five years except for 10th generation CPUs, meaning most computers out there are vulnerable.
The bug allows a hacker to get in the middle to the “chain of trust” when the computer boots and the bad news is that if the bad guy can do this, the hacker could possibly get all of the encryption keys and passwords stored in the computer. This includes the encryption keys that are used to encrypt hard disks in your computer.
Because this bug is in the Read Only Memory (ROM), it is not patchable and will remain as long as the computer is powered up.
Intel has known about this at least since early 2019, maybe longer. They did a partial patch for what they called a privilege escalation bug. Boy is that an understatement. This is the reason that 10th generation processors are not vulnerable – because they knew about it and fixed it.
There is good news and bad news.
The good news is that for right now, this is hard to do and there is no evidence that anyone has figured out how to extract the core key.
The bad news is that the extraction is only a matter of time and the key is the same, at least for all chips in an entire chip family. OUCH.
For now, unfortunately, there is no action that you can take, but stay tuned.
This is a low probability, high impact risk.
For more information check out this article in Forbes.