TGFC Lifestyle - Powered by Discuz! Board

标题: [电脑] 牙膏厂有完没完了？……又闯祸了？ [打印本页]

作者: Mas 时间: 2020-3-7 11:01 标题: 牙膏厂有完没完了？……又闯祸了？

https://www.engadget.com/2020/03 ... able-security-flaw/
Security researchers have discovered another flaw in recent Intel chips that, while difficult to exploit, is completely unpatchable. The vulnerability is within Intel's Converged Security and Management Engine (CSME), a part of the chip that controls system boot-up, power levels, firmware and, most critically, cryptographic functions. Security specialists Positive Technologies have found that a tiny gap in security in that module that could allow attackers to inject malicious code and, eventually, commandeer your PC.

The vulnerability is another in a string of Intel chip flaws that have damaged the chipmaker's reputation of late. In 2018, Intel faced heavy criticism over the Meltdown and Spectre flaws in Intel chips that could have allowed attackers to steal data.

CSME, which has its own 486-based CPU, RAM and boot ROM, is the first thing that runs when you boot up your computer. One of the first things it does is protect its own memory, but before that happens, there's a brief moment when it's vulnerable. If hackers have local or physical access to a machine, they might be able to fire off a DMA transfer to that RAM, overwriting it and hijacking code execution.

Since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.

Since the boot code and RAM are hard coded into Intel's CPUs, they can't be patched or reset without replacing the silicon. That makes it impossible for Intel or computer makers to mitigate, let alone completely fix, the vulnerability.

The CSME's security functions allow the operating system and apps to securely store file encryption keys using a master "chipset key." If an attacker could access that key by executing malicious code, they could gain access to core parts of the operating system along with apps, and potentially do serious damage.

"This [chipset] key is not platform-specific. A single key is used for an entire generation of Intel chipsets," explains Mark Ermolov from Positive Technologies. "And since... the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

That sounds dramatic, but exploiting the vulnerability would require major technological know-how, specialized equipment and physical access to a machine. Once hackers were inside a system, though, they could feasibly gain persistent remote access.

The vulnerability applies to machines with Intel chips built over the last five years or so. Intel said that it was notified of the vulnerabilities and released mitigations in May 2019 to be incorporated into firmware updates for motherboards and computer systems.

The chip giant told Ars Technica on background that those updates "should" mitigate local attacks. However, physical attacks (where attackers have possession of a targeted computer) might still be possible if attackers can roll back BIOS versions. As such, Intel said in a support document that "end users should maintain physical possession of their platforms.'

作者: alfredxi 时间: 2020-3-7 11:40

posted by wap, platform: iPhone
2月份不是才给CSME打过补丁么？又来一个漏洞？
另外这个If hackers have local or physical access to a machine, they might be able to fire off a DMA transfer to that RAM, overwriting it and hijacking code execution

作者: manmanwan1 时间: 2020-3-7 11:41

你坛国际友人能不能不要发家乡话？

作者: 铁观音 时间: 2020-3-7 12:23

引用:

原帖由 manmanwan1 于 2020-3-7 11:41 发表
你坛国际友人能不能不要发家乡话？

“Security researchers have discovered another flaw in recent Intel chips”
只要能看懂第一句话的前半句就行了

作者: 卖哥 时间: 2020-3-7 12:34

类似隐患AMD也有。
这确实是双刃剑，CSME本身是加强安全性的，而且安全性考虑物理上就不可篡改，但是如果有问题也会是物理上的不可修复。

作者: Mas 时间: 2020-3-7 13:23

还是卖哥厉害，一眼就看穿了按摩店身上七十二个破绽

作者: fb945 时间: 2020-3-7 13:37

posted by wap, platform: Android
好了，rlk增加的那些ipc要吸回去了

作者: 卖哥 时间: 2020-3-7 13:57

引用:

原帖由 fb945 于 2020-3-7 13:37 发表
posted by wap, platform: Android
好了，rlk增加的那些ipc要吸回去了

这个位于cpu启动之前运行的内容跟cpu核心没有任何关系，所以也不会影响性能英特尔跑这个功能是一个486，AMD那边是一个Cortex-M3；而且是为了安全做成了不可篡改的设计，所以也不可能打补丁修复，为了解决办法只有换硬件。
此外10代起的处理器没有该漏洞，毕竟对于没有生产出来的硬件这漏洞还是可以修复。

英特尔基于这个技术的AMT其实出问题好几次了，AMD类似技术的PSP也有漏洞报告，https://www.4hou.com/posts/83qg。

欢迎光临 TGFC Lifestyle (http://club.tgfcer.com/)