Monday January 27, 2020
Home Lead Story Researchers D...

Researchers Discover Serious Security Issues in Computer Chips Made by Intel

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper

0
//
Intel
The chipmaker Intel announced earlier this year that more than 1 billion ST33 chips have been sold. Wikimedia Commons

An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally.

The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips.

The recovered keys could be used to compromise a computer’s operating system, forge digital signatures on documents, and steal or alter encrypted information.

The flaws are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smartphones and tablets for the past 10 years.

“If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised,” said Berk Sunar, professor of electrical and computer engineering and leader of Vernam Lab at Worcester Polytechnic Institute in Massachusetts.

“This chip is meant to be the root of trust. If a hacker gains control of that, they’ve got the keys to the castle,” Sunar warned.

Intel
An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that has affected billions of laptop, server, tablet and desktop users globally. Pixabay

Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates.

Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.

WPI security researchers Sunar and Daniel Moghimi led an international team of researchers that discovered these two serious security vulnerabilities.

One of the flaws the WPI team discovered is in Intel’s TPM firmware, or fTPM–software that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor in 2013.
Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors.

The second flaw is in STMicroelectronics’ TPM.

Notably, the STMicroelectronics’ vulnerability is in a chip that has received a strong industry-recognized security certification from “Common Criteria” — a highly acknowledged security stamp of approval based on international specifications designed to ensure technology meets high security standards preferred in industrial and government deployments.

The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lubeck in Germany, and Nadia Heninger from University of California, San Diego.

Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper to be presented at the “29th USENIX Security Symposium” in Boston next August.

“We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices,” said Moghimi.

Intel
The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the Intel chips. Wikimedia Commons

Moghimi explained that if hackers gained access to the Intel software, they could forge digital signatures, enabling them to alter, delete, or steal information.

The research team discovered another flaw in the STMicroelectronics’ TPM, which is based on the company’s popular ST33 chip.

ALSO READ: Use These Tools to Calculate Your Crypto Tax

The chipmaker announced earlier this year that more than 1 billion ST33 chips have been sold. (IANS)

Next Story

Hack Text Messages from Remote Location

0
Hack texts
With the recent development in the information technology field, it is possible to hack information from other mobile devices. Pixabay

With the recent development in the information science and technology field, it is possible to hack information from other mobile devices. Everyone is using a smartphone these days with Android, iOS or Windows operating systems which are not secured because many applications or software are designed to break the security and enter into the system. The mechanism to steal messages and other information is an interesting and enlightening task. Remote download of text messages of someone’s mobile through the internet is the main function of the hacking process. The basic requirement to initiate the process is to get the target’s phone number and a stable wi-fi connection.

Hack Text messages using the computer:

Many people are using a shared computer system and the browser saves much information which is sufficient for a hacker.

Steps for computer-based hacking:

Hack texts
The mechanism to hack messages and other information is an interesting and enlightening task. Pixabay
  1. When a user logged out his account from a system and another member is going to use it for the first time. 
  2. Invisible tracing can be activated on the system using computer-based software that can read the browser information and record all your activities for the hacker.
  3. In this way, novice users will never figure out that their account is under the provision of a hacker.

Hacking the information from jailbreak or rooted devices is quite easy, as all security locks are already broken. Most of the tracing monitors are compatible with both the operating systems.

Here is the list of features, which are provided by the application used to hack cell phone text messages:

  1. Location settings should be active of an intended source device, it is a real-time system to get the current place of the victim. With reading text messages, you can also have full access to the contact list.
  2. The application enabled you to check the call history and blocking and unblocking can be controlled by a hacker from a remote location.
Hack texts
Though iPhones are very secure, there is only one way to hack them by installing a new tracking or spying application on your device. Pixabay
  1. A control panel or dashboard is available for you to fetch all the device information as a file as well as call logs with details.
  2. With the hacking application, you have access to read the incoming and outgoing emails also to know about the schedule and gatherings. You can also check the bookmarks, browser history or websites that target is using.
  3. It not only covers the standard messaging application but also check other messengers such as Skype, Viber or WhatsApp. The application acts as remote control of another device and you will get the alerts if anything important is changed by the device owner.
  4. As a parent, you can block the websites if the children are using the internet all the time. And it prevents them to look inapt content which diverts them from studies. Doing these activities from a remote location can help not to breach the privacy of the teenagers.
  5. Employers can use this application to offer limited access to employees, which will help to increase the productivity of the business.

Also Read- Twitter India Unveils Special Tricolor India Gate Emoji To Celebrate 71st Republic Day

Though iPhones are very secure, there is only one way to hack them by installing a new tracking or spying application on your device.