This was discovered by the folks over at Positive Technologies, who found a vulnerability affecting Intel’s Converged Security Management Engine (CSME). Intel has apparently known about the flaw since 2019, when the company issued a patch intended to mitigate it, but the researchers have since found that the patch may not have accomplished much.
According to the researchers, if this vulnerability were exploited it would allow hackers to recover a root cryptographic key, which in turn would give them practically unlimited access to all of the device’s data. That key could then be used to decrypt inbound and outbound traffic from the affected device, which could be a huge deal if used against Intel-based servers.
Positive Technologies researcher Mark Ermolov notes, “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
Thankfully, exploiting this flaw requires the attacker to have physical access to the computer being targeted. This means that if your computer is always on your person and no one else has access to it, you would technically be “safe”.