A flaw found in Intel chips lets attackers decrypt your hard drive, among other things. It can’t be fixed, only mitigated with firmware patches (via The Register).
The flaw is found within the Converged Security and Manageability Engine (CSME). This engine does many low-level tasks like controlling power levels, starting the main CPU, verifying and booting firmware, and providing cryptographic functions. It’s the first thing that starts when you turn on your computer. It’s described as a mini computer because it has its own RAM, CPU, and boot ROM.
The CSME can protect its RAM so that the rest of the computer can’t use it. But there is a tiny window of opportunity between the system turning on and the CSME enabling its memory protection. During that window, it’s possible for a hacker to hijack the CSME. Physical access to the machine is required; this isn’t a remote exploit.
Once a hacker has control over the CSME, they can extract the cryptographic keys it uses for things such as disk encryption. In the case of Macs this means FileVault. Once the keys are stolen, the hacker can decrypt your hard drive.
“However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.
“When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.”
Intel says the only thing people can do is install firmware mitigations and make sure to install the latest software updates. It affects Intel chips manufactured in the past five years, and can’t be completely fixed without replacing the actual chip.