Written byShubham Sharma
The vulnerability affects chips built over the last five years, but what makes the case even worse is the fact that the issue cannot be fixed, at least not completely.
Here's all you need to know about it.
As the researchers at Positive Technologies explained, a major security flaw is hard-coded in the boot ROM embedded inside Intel chips made over the last five years (except the latest 10th-generation processors).
They didn't share the specifics but claimed that the vulnerability can easily be exploited by hackers to break the silicon-based encryption, hardware authentication and modern DRM protection of the chips.
The researchers emphasized that the number of affected chips effectively puts hundreds of millions of computers, including personal and enterprise machines, at risk.
Now, this means that if the bug is exploited at a large scale, hackers can bypass encryption codes and quietly install malware capable of stealing passwords, spying, or stealing sensitive information - without letting the targets know.
"The scenario that Intel system architects, engineers...feared most is now a reality," says Positive Technologies' OS specialist Mark Ermolov. "This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms."
The flaw poses a major threat to PC security, and as it ties to the hardware, there is no way to fix the glitch completely.
Meanwhile, a spokesperson for Intel claimed that the company was aware of the issue last fall, and had issued a patch to partially address the problem and prevent the affected PCs from being compromised.
The spokesperson added that "while the company cannot secure hardcoded ROM [in billions of chips embedded] in existing computers, they are trying to devise patches that will quarantine all potential system attack targets" and eliminate the risk of hacks.
That said, it is worth noting that carrying out mass attacks using this vulnerability won't be that straight-forward for hackers.
Specifically, an attacker would need to have access to your local network or machine in order to exploit the bug and steal all the data.
Plus, they'd also have to extract an encrypted chipset key, which can block the attack.
Love Science news?
Subscribe to stay updated.