Some of Our Sources
- Mashable
- Technology Review
- Team Treehouse
- Just Creative
- Pearsonified
- Spoon Graphics
- Smashing Apps
- Noupe
- Reencoded
- Willems Lab
Help Webnuz
Referal links:
October 28, 2020 10:10 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9ObiwJHFuzA/hackers-can-now-reverse-engineer-intel-updates-or-write-their-own-custom-firmware
Hackers Can Now Reverse Engineer Intel Updates Or Write Their Own Custom Firmware
An anonymous reader quotes a report from Ars Technica: Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they're secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it's patching. The key may also allow parties other than Intel -- say a malicious hacker or a hobbyist -- to update chips with their own microcode, although that customized version wouldn't survive a reboot. "At the moment, it is quite difficult to assess the security impact," independent researcher Maxim Goryachy said in a direct message. "But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates." Goryachy and two other researchers -- Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies -- worked jointly on the project. The key can be extracted for any chip -- be it a Celeron, Pentium, or Atom -- that's based on Intel's Goldmont architecture. In a statement, Intel officials wrote: "The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel's manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research. The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9ObiwJHFuzA/hackers-can-now-reverse-engineer-intel-updates-or-write-their-own-custom-firmware
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot