New Intel chip flaw threatens encryption, but Macs are safe
A chip-level flaw in Intel-made silicon could render many of the chipmaker's security features useless, though recent Macs are safe.
While the vulnerability affects all recent Intel processors, 10th-generation CPUs and T1 and T2-equipped Macs are safe from it.
Inherent vulnerabilities in Intel chips have been a common theme over the past couple of years, with major flaws exploits like Meltdown, Spectre and ZombieLoad impacting virtually all Intel-equipped devices.
In 2019, security researchers at Positive Technologies discovered another issue with Intel chips. Specifically, it's a vulnerability affecting Intel's Converged Security Management Engine, a key security feature in Intel technology and firmware running on Intel hardware.
Along with loading and varying BIOS and power management firmware, CSME also provides the "cryptographic basis" for features such as Digital Rights Management (DRM) technologies, firmware-based trusted platform modules (TPMs), or Intel's own Enhanced Privacy ID.
Intel released a patch in 2019 to mitigate the issue, but researchers at Positive Technologies have found it to be much worse than originally anticipated. New research published on Thursday indicates that the vulnerability can be exploited to recover a root cryptographic key, potentially granting an attacker access to everything on a device's data.
That could be a major problem for DRM-protected media. Used offensively, the flaw could be leveraged to decrypt traffic inbound or outbound from the impacted device. On a larger scale, it could be used on Intel-based servers.
Though past Intel vulnerabilities have affected Apple devices, this flaw doesn't impact recent Macs equipped with an Apple T1 or T2 chip. Since those chips are based on first-party technology and boot before any Intel chips, a user's encryption keys are safe.
Of course, older Macs without a T-series chip -- or the present iMac lineup minus the iMac Pro -- may be vulnerable to the exploit, which could affect FileVault encryption. The flaw is unpatchable and Intel advises that users "maintain physical possession" of their devices as there is no way to use the attack vector remotely by clicking on a bad advertisement, for instance.
Intel points out that 10th-generation chips are safe from it, however. The vulnerability, and others like it, is also one of many potential reasons why Apple may soon move its Macs over to ARM-based processors.
While the vulnerability affects all recent Intel processors, 10th-generation CPUs and T1 and T2-equipped Macs are safe from it.
Inherent vulnerabilities in Intel chips have been a common theme over the past couple of years, with major flaws exploits like Meltdown, Spectre and ZombieLoad impacting virtually all Intel-equipped devices.
In 2019, security researchers at Positive Technologies discovered another issue with Intel chips. Specifically, it's a vulnerability affecting Intel's Converged Security Management Engine, a key security feature in Intel technology and firmware running on Intel hardware.
Along with loading and varying BIOS and power management firmware, CSME also provides the "cryptographic basis" for features such as Digital Rights Management (DRM) technologies, firmware-based trusted platform modules (TPMs), or Intel's own Enhanced Privacy ID.
Intel released a patch in 2019 to mitigate the issue, but researchers at Positive Technologies have found it to be much worse than originally anticipated. New research published on Thursday indicates that the vulnerability can be exploited to recover a root cryptographic key, potentially granting an attacker access to everything on a device's data.
That could be a major problem for DRM-protected media. Used offensively, the flaw could be leveraged to decrypt traffic inbound or outbound from the impacted device. On a larger scale, it could be used on Intel-based servers.
Though past Intel vulnerabilities have affected Apple devices, this flaw doesn't impact recent Macs equipped with an Apple T1 or T2 chip. Since those chips are based on first-party technology and boot before any Intel chips, a user's encryption keys are safe.
Of course, older Macs without a T-series chip -- or the present iMac lineup minus the iMac Pro -- may be vulnerable to the exploit, which could affect FileVault encryption. The flaw is unpatchable and Intel advises that users "maintain physical possession" of their devices as there is no way to use the attack vector remotely by clicking on a bad advertisement, for instance.
Intel points out that 10th-generation chips are safe from it, however. The vulnerability, and others like it, is also one of many potential reasons why Apple may soon move its Macs over to ARM-based processors.
Comments
Sure, but FileVault exists because you can't always guarantee physical security of your Macs.
Dial back the rhetoric a bit.
And if you have a USB drive protected with a modern T2 Mac can it be broke by mounting it on an older machine?
2) I would imagine it would be tighter than it is now, especially since we can see that the T-series chip locks it down more than before its existence, but I don't see it being tighter than the iPad. I'd say on par, at most.
/s
That’s not to say that it would eliminate all possibility of chip-level errors, but these stories about Intel’s chips would sure become less common if they took that approach.
I hope you enjoy your abacus.