Dive Brief:
- Intel is facing mounting scrutiny after revealing security vulnerabilities are present in the "management engine" feature on Intel CPUs, reports Fortune. The flaw is present on its newest 8th generation Core Processor series as well as older chip models released in 2015.
- Intel claims to have released patches for the chips, but Lenovo is the only manufacturer to make the update available to its customers. Software patches may never be available for the chips in IoT devices.
- The vulnerabilities act as a gateway for hackers to launch "unauthorized programs" or dismantle a network. However, Intel maintains that for most attacks to be carried out, a malicious actor would need access to the device in person.
Dive Insight:
Intel, a legacy chip maker, potentially opened the way for attackers on its customers' devices with the vulnerable chips. It is unknown how many users have been or will be impacted by the management engine bug, but the number of chips with the vulnerability make the situation bleak. Servers are among the impacted technologies.
However, the mishap is more about cybersecurity and the role vendors play in it. Both individual and enterprise consumers are dependent upon vendors to provide them with secure technologies. Though Intel's release of bugged chips was not intentional, it does bring up concerns of vendor trust and supply chain-style hacks.
Hackers exploited a maintenance tool, CCleaner, which is commonly used on Microsoft Windows to steal intellectual property. Though the impact of the attack is still relatively unknown, if at all harmful, it creates a new type of attack for people to worry about.