There could be a vulnerability in the Intel chipset which is at the heart of the computer you are using, whether it is a PC or a laptop. This flaw in the hardware has been detected by a research team and the more worrying aspect is that there is no fix for this vulnerability yet. The vulnerability is such that it can end up decrypting everything on your machine. This means you could suddenly lose all confidential information including passwords etc. Intel chips made in the past five years or so could be affected by this flaw.
The flaw has been discovered in the Boot ROM (Read Only Memory) of the Converged Security and Management Engine (CSME). The cryptographic chain of trust for the Intel computers starts with this memory component in the hardware and the malware makes an entry here leaving it very difficult to control later. The malware generates a Trusted Platform Module to execute its mischievous actions like encrypting the files in the affected system.
The CSME is crucial for carrying out several actions and functions within the system including authenticating the protection systems.
The only set of Intel chipsets that have escaped this malware is the latest generation ones.
The research findings indicate that the Chipset Key, which in a way is the master key to encrypt all hardware in the system, can stand compromised due to this malware. If infected, it can create a chaotic situation. Even if you had encrypted data on your computer, this malware can decrypt it.
Intel has reacted with caution saying it is aware of this vulnerability in its chipsets. As far as vulnerabilities go, whether it is in the software or hardware, they are identified by a unique reference number; CVE-2019-0090 is the number assigned to this vulnerability in the Intel chips.
Intel says no computer has so far been impacted by the malware (meaning there has not been any real attack due to the vulnerability or the vulnerability has not been exploited so far) in even a single case. Moreover, in Intel’s assessment, physical access to the machine is necessary to perpetrate the attack and some special equipment will be needed to execute the malicious commands.
Though Intel had sent a patch to fix this vulnerability in 2019, that did not fix the issue.