Tuesday December 10, 2019
Home Lead Story Researchers D...

Researchers Discover Serious Security Issues in Computer Chips Made by Intel

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper

0
//
Intel
The chipmaker Intel announced earlier this year that more than 1 billion ST33 chips have been sold. Wikimedia Commons

An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally.

The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips.

The recovered keys could be used to compromise a computer’s operating system, forge digital signatures on documents, and steal or alter encrypted information.

The flaws are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smartphones and tablets for the past 10 years.

“If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised,” said Berk Sunar, professor of electrical and computer engineering and leader of Vernam Lab at Worcester Polytechnic Institute in Massachusetts.

“This chip is meant to be the root of trust. If a hacker gains control of that, they’ve got the keys to the castle,” Sunar warned.

Intel
An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally. Pixabay

Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates.

Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.

WPI security researchers Sunar and Daniel Moghimi led an international team of researchers that discovered these two serious security vulnerabilities.

One of the flaws the WPI team discovered is in Intel’s TPM firmware, or fTPM–software that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor in 2013.
Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors.

The second flaw is in STMicroelectronics’ TPM.

Notably, the STMicroelectronics’ vulnerability is in a chip that has received a strong industry-recognized security certification from “Common Criteria” — a highly acknowledged security stamp of approval based on international specifications designed to ensure technology meets high security standards preferred in industrial and government deployments.

The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lubeck in Germany, and Nadia Heninger from University of California, San Diego.

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper to be presented at the “29th USENIX Security Symposium” in Boston next August.

“We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices,” said Moghimi.

Intel
The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the Intel chips. Wikimedia Commons

Moghimi explained that if hackers gained access to the Intel software, they could forge digital signatures, enabling them to alter, delete, or steal information.

The research team discovered another flaw in the STMicroelectronics’ TPM, which is based on the company’s popular ST33 chip.

ALSO READ: Use These Tools to Calculate Your Crypto Tax

The chipmaker announced earlier this year that more than 1 billion ST33 chips have been sold. (IANS)

Next Story

US Chipmaker Intel Eyes AI on ‘Edge Computing’

It is designed to accelerate AI tasks, particularly ones like image processing, delivering performance up to six times the power efficiency of existing processors

0
Intel on Wednesday unveiled eight additional 10th Gen Intel Core processors for modern laptop computing.
Intel on Wednesday unveiled eight additional 10th Gen Intel Core processors for modern laptop computing. Pixabay

US chipmaker Intel Corp. has said that it will focus on “edge computing” that could hold the key to the success of artificial intelligence (AI) in the future.

Edge computing refers to the practice of storing data on computers located near cell towers and other network equipment to improve network response times. It is different from today’s Cloud-based system, where information is sent to a distant data centre, Yonhap news agency reported on Wednesday.

“Forty-three per cent of AI tasks will be handled by edge computing in 2023,” Kwon Myung-sook, CEO of Intel Korea, said in a statement during a forum in Seoul.

“AI devices empowered with edge function will jump 15-fold.”

The expansion of computing at the edge is an important growth opportunity for the chip giant — an estimated $65 billion market by 2023, Intel said.

Huawei, Atlas 900, World
The future of computing is a massive market worth more than two trillion US dollars. Pixabay

More AI is being incorporated into edge devices, from Internet of Things (IoT) devices to smartphones, as AI algorithms improve, according to the company.

“Innovation in edge computing has become necessary where data is most produced,” Kwon said. “It is why Intel is preparing a platform solution that can cover both hardware and software.”

Intel said AI will support and provide new services in eight key industries, including smart cities, robots and gaming.

Also Read: India Ranked 5th Worst Country For Use of Biometric Data: Comparitech Report

In order to do so, Intel said it will launch the next-generation Movidius Vision Processing Unit next year.

It is designed to accelerate AI tasks, particularly ones like image processing, delivering performance up to six times the power efficiency of existing processors. (IANS)