Tuesday, October 20, 2020
Home Lead Story Researchers Discover Serious Security Issues in Computer Chips Made by Intel

Researchers Discover Serious Security Issues in Computer Chips Made by Intel

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper

An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally.

The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips.

The recovered keys could be used to compromise a computer’s operating system, forge digital signatures on documents, and steal or alter encrypted information.

The flaws are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smartphones and tablets for the past 10 years.

“If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised,” said Berk Sunar, professor of electrical and computer engineering and leader of Vernam Lab at Worcester Polytechnic Institute in Massachusetts.

“This chip is meant to be the root of trust. If a hacker gains control of that, they’ve got the keys to the castle,” Sunar warned.

Intel
An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally. Pixabay

Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates.

Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.

WPI security researchers Sunar and Daniel Moghimi led an international team of researchers that discovered these two serious security vulnerabilities.

One of the flaws the WPI team discovered is in Intel’s TPM firmware, or fTPM–software that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor in 2013.
Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors.

The second flaw is in STMicroelectronics’ TPM.

Notably, the STMicroelectronics’ vulnerability is in a chip that has received a strong industry-recognized security certification from “Common Criteria” — a highly acknowledged security stamp of approval based on international specifications designed to ensure technology meets high security standards preferred in industrial and government deployments.

The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lubeck in Germany, and Nadia Heninger from University of California, San Diego.

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper to be presented at the “29th USENIX Security Symposium” in Boston next August.

“We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices,” said Moghimi.

Intel
The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the Intel chips. Wikimedia Commons

Moghimi explained that if hackers gained access to the Intel software, they could forge digital signatures, enabling them to alter, delete, or steal information.

The research team discovered another flaw in the STMicroelectronics’ TPM, which is based on the company’s popular ST33 chip.

ALSO READ: Use These Tools to Calculate Your Crypto Tax

The chipmaker announced earlier this year that more than 1 billion ST33 chips have been sold. (IANS)

STAY CONNECTED

19,120FansLike
362FollowersFollow
1,782FollowersFollow

Most Popular

Air Pollution Causes Food Delivery Leading to Plastic Waste

When the air quality outside is bad, office workers are more likely to order food than go out for lunch, which in turn increases...

Virus Can Reinfect COVID Patients When Antibodies Start Depleting

Patients who have recovered from COVID-19 can again get infected by the virus once the antibodies of the viral disease start depleting, the Indian...

International Chef Day a Low-Key Event Due to Pandemic

The International Chef Day is observed on October 20, but this year, the celebrations here were muted as chefs are facing a torrid time...

Coffee Before Breakfast May Increase Diabetes Risk

If you're taking coffee before breakfast, read this carefully. Researchers have found that drinking coffee first thing can have a negative effect on blood...

India’s Nutrition Experts on Supporting Public Health Delivery

Indias public health and nutrition efforts are differentiated by an enterprising early start going as far back as 1975 with the beginning of Anganwadi...

‘Fashion Reboot’- A Collection Focusing Gen Z

The final day of the digital edition of Lotus Make-up India Fashion Week, Spring/Summer 2021 on Sunday opened a film presentation that showcased a...

Disorder in Sleep Cycle Due to Excessive Use of Cellphones

Cell phones have become integral to function for nearly everyone. While it has brought a lot of tasks to our fingertips, cell phones also...

Higher Mortality Risk for COVID Patients with Kidney Diseases

Researchers, including one of Indian-origin, have found that there is a much higher risk of mortality faced by COVID-19 patients in intensive care, who...

Recent Comments