New Intel chip technology designed to foil hackers

January 20, 2016 by Pete Carey, San Jose Mercury News

Intel Tuesday announced a chip technology that the company said was designed to foil hackers who use fake emails to trick employees into revealing their usernames and passwords.

It could also give future corporate IT managers the option of eliminating long, ever-changing passwords and replacing them with short personal identification numbers, or fingerprints and other identifiers.

Intel Authenticate will be added to the company's line of sixth-generation processors and tested by some businesses before entering production, said Tom Garrison, an Intel vice president.

Intel will make Authenticate part of all the processors that it sells for enterprise PCs. The authentication system uses hardware-based "multifactor authentication" (more than one method of identifying a user) to keep hackers out, even if they obtain passwords.

Putting the authentication process on a chip makes the PC itself part of the security system, the company said.

Phishing, tricking people into revealing passwords with phony emails, is a rising problem. Garrison said an estimated 117,000 corporate cyberattacks occur every day that involve phishing for a username and password.

Intel's new business processors will verify an employee's identity with a , proximity of the employee's mobile phone or badge, biometrics like a fingerprint, and location of the building the employee is in.

IT managers can decide which factors to embed in the chip, Garrison said. "IT has full control."

"One of the biggest keys to this is there is a secure element inside the Intel processor that manages all of this," said industry analyst Patrick Moorhead of Moor Insights & Strategy. "That wasn't available before. A lot of different pieces had to come together.

"Hardware is a lot harder to get into," he said. Someone armed with a password would be blocked by additional layers of security tucked away in the computer's processor, he said.

"If you look at where attacks come, typically somebody gets you to give them your password with a fake email or text that says 'hey, log in' to a pirate website," he said.

"Now, you wouldn't have a single password. You would stick in your thumb, or look at the PC, have your phone near you, and be opening the PC where they know you work, and not somewhere in Lithuania," Moorhead said.

7 comments

Eikka
5 / 5 (4) Jan 20, 2016
"Hardware is a lot harder to get into," he said. Someone armed with a password would be blocked by additional layers of security tucked away in the computer's processor, he said.


Says a man of a company that has built a hardware-backdoor in their chipsets and processors since 1996.

There's a separate co-processor in all modern Intel CPUs that has a direct access to the network hardware and ability to poke all the memory of an Intel system, bypassing the operating system entirely. They also have the ability to change the microcode of the CPU itself, so it can be re-programmed with a built-in rootkit or other malware.

It works on the same mechanisms as Wake-On-LAN etc. It's officially a remote assistance and control tool for system managers, but it can be just as well used by third parties to bypass security if you know your way through the encryption, or if there's a bug that lets you through - which there have been.
James_Morgan
not rated yet Jan 20, 2016
I don't see why a hardware chip is required for two factor authentication, Steam has been using it for years.
Any login from a new 'device' triggers a request to your email to allow it.
Anyone who has your username and password would also need direct access to your email to get in.
I think this kind of system should be made a legal requirement personally.
antialias_physorg
5 / 5 (2) Jan 20, 2016
...to keep hackers out

Unfortunately Intel is a US-based business - so there's always the question of whether they will have to incorporate backdoors for the NSA.

If there are local/trusted alternatives available I'd go for those.

I don't see why a hardware chip is required for two factor authentication

The reason is that you can always compromise software if you have access at the OS (or worse: BIOS) level. There is always a single point of weakness for any n-factor authentication - and that is the final bit that says "Access granted/denied". Putting that bit in dedicated hardware/firmware with no external dependencies makes it a little bit more secure.
Eikka
5 / 5 (2) Jan 21, 2016
so there's always the question on whether they will have to incorporate backdoors for the NSA.


There IS a backdoor in Intel hardware, and there's no question about it.

The only question is whether Intel has already given the necessary keys/methods to access it to the NSA, and the answer is "probably yes". You do of course need local network level access to it, through a compromised router perhaps.

https://en.wikipe...tel_vPro
Intel Active Management Technology (Intel AMT), a set of hardware-based features targeted at businesses. / allow remote access to the PC for management and security tasks, when an OS is down or PC power is off.[6][11] Note that AMT is not the same as Intel vPro; AMT is only one element of a vPro PC.
Remote configuration technology for AMT, with certificate-based security. Remote configuration can be performed on "bare-bones" systems, before the OS and/or software management agents are installed.[6][11][12]
Eikka
5 / 5 (2) Jan 21, 2016
Intel AMT includes:
Encrypted remote power up/down/reset (via wake-on-LAN, or WOL)[6][11]
Remote/redirected boot (via integrated device electronics redirect, or IDE-R)[6][11]
Console redirection (via serial over LAN, or SOL)[6][11]
Preboot access to BIOS settings[6][11]
Programmable filtering for inbound and outbound network traffic[6][11][13]
Agent presence checking[6][11][13]
Out-of-band policy-based alerting[6][11]


Starting with vPro with AMT 6.0, PCs with i5 or i7 processors and embedded Intel graphics, now contains an Intel proprietary embedded VNC server. You can connect out-of-band using dedicated VNC-compatible viewer technology, and have full KVM (keyboard, video, mouse) capability throughout the power cycle – including uninterrupted control of the desktop when an operating system loads.


So basically, yeah. A hardware backdoor to an Intel system with the ability to start your computer remotely and hijack every function
dbsi
not rated yet Jan 21, 2016
This is almost a zero knowledge article. A lot depends on how the integration of the security systems is done and, as noted, how easily they can be circumvented. After all, it's not good enough to just authenticate the hardware, you need to authenticate the user and applications too. This can't be done at the factory and will not be in hardware....
Eikka
5 / 5 (2) Jan 21, 2016
If there's any sort of master key or certificate to the Intel AMT, or any built-in bug or feature that allows you to bypass it, you can bet your ass the NSA has it. It's just too great an opportunity to ignore.

https://en.wikipe...chnology
A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[39] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor.

Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords
