New Intel chip technology designed to foil hackers


Intel Tuesday announced a chip technology that the company said was designed to foil hackers who use fake emails to trick employees into revealing their usernames and passwords.

It could also give future corporate IT managers the option of eliminating long, ever-changing passwords and replacing them with short personal identification numbers, or fingerprints and other identifiers.

Intel Authenticate will be added to the company's line of sixth-generation processors and tested by some businesses before entering production, said Tom Garrison, an Intel vice president.

Intel will make Authenticate part of all the processors that it sells for enterprise PCs. The authentication system uses hardware-based "multifactor authentication" (more than one method of identifying a user) to keep hackers out, even if they obtain passwords.

Putting the authentication process on a chip makes the PC itself part of the security system, the company said.

Phishing - tricking people into revealing passwords with phony emails - is a rising problem. Garrison said an estimated 117,000 corporate cyberattacks occur every day that involve phishing for a username and password.

Intel's new business processors will verify an employee's identity with a , proximity of the employee's mobile phone or badge, biometrics like a fingerprint, and location of the building the employee is in.

IT managers can decide which factors to embed in the chip, Garrison said. "IT has full control."

"One of the biggest keys to this is there is a secure element inside the Intel processor that manages all of this," said industry analyst Patrick Moorhead of Moor Insights & Strategy. "That wasn't available before. A lot of different pieces had to come together.

"Hardware is a lot harder to get into," he said. Someone armed with a password would be blocked by additional layers of security tucked away in the computer's processor, he said.

"If you look at where attacks come, typically somebody gets you to give them your password with a fake email or text that says 'hey, log in' to a pirate website," he said.

"Now, you wouldn't have a single password. You would stick in your thumb, or look at the PC, have your phone near you, and be opening the PC where they know you work, and not somewhere in Lithuania," Moorhead said.


©2016 San Jose Mercury News (San Jose, Calif.)
Distributed by Tribune Content Agency, LLC.

Citation: New Intel chip technology designed to foil hackers (2016, January 20) retrieved 20 September 2019 from

User comments

Jan 20, 2016
"Hardware is a lot harder to get into," he said. Someone armed with a password would be blocked by additional layers of security tucked away in the computer's processor, he said.

Says a man of a company that has built a hardware-backdoor in their chipsets and processors since 1996.

There's a separate co-processor in all modern Intel CPUs that has a direct access to the network hardware and ability to poke all the memory of an Intel system, bypassing the operating system entirely. They also have the ability to change the microcode of the CPU itself, so it can be re-programmed with a built-in rootkit or other malware.

It works on the same mechanisms as Wake-On-LAN etc. It's officially a remote assistance and control tool for system managers, but it can be just as well used by third parties to bypass security if you know your way through the encryption, or if there's a bug that lets you through - which there have been.

Jan 20, 2016
I don't see why a hardware chip is required for two factor authentication, Steam has been using it for years.
Any login from a new 'device' triggers a request to your email to allow it.
Anyone who has your username and password would also need direct access to your email to get in.
I think this kind of system should be made a legal requirement personally.

Jan 20, 2016
keep hackers out

Unfortunately Intel is a US-based business - so there's always the question on whether they will have to incorporate backdoors for the NSA.

If there are local/trusted alternatives available I'd go for those.

I don't see why a hardware chip is required for two factor authentication

The reason is that you can always compromise software if you have access at the OS (or worse: BIOS) level. There is always a single point of weakness for any n-factor authentication - and that is the final bit that says "Access granted/denied". Putting that bit in dedicated hardware/firmware with no external dependencies makes it a little bit more secure.

Jan 21, 2016
so there's always the question on whether they will have to incorporate backdoors for the NSA.

There IS a backdoor in Intel hardware, and there's no question about it.

The only question is whether Intel has already given the necessary keys/methods to access it to the NSA, and the answer is "probably yes". You do of course need local network level access to it, through a compromised router perhaps.

Intel Active Management Technology (Intel AMT), a set of hardware-based features targeted at businesses. / allow remote access to the PC for management and security tasks, when an OS is down or PC power is off.[6][11] Note that AMT is not the same as Intel vPro; AMT is only one element of a vPro PC.
Remote configuration technology for AMT, with certificate-based security. Remote configuration can be performed on "bare-bones" systems, before the OS and/or software management agents are installed.[6][11][12]

Jan 21, 2016
Intel AMT includes:
Encrypted remote power up/down/reset (via wake-on-LAN, or WOL)[6][11]
Remote/redirected boot (via integrated device electronics redirect, or IDE-R)[6][11]
Console redirection (via serial over LAN, or SOL)[6][11]
Preboot access to BIOS settings[6][11]
Programmable filtering for inbound and outbound network traffic[6][11][13]
Agent presence checking[6][11][13]
Out-of-band policy-based alerting[6][11]

Starting with vPro with AMT 6.0, PCs with i5 or i7 processors and embedded Intel graphics, now contains an Intel proprietary embedded VNC server. You can connect out-of-band using dedicated VNC-compatible viewer technology, and have full KVM (keyboard, video, mouse) capability throughout the power cycle – including uninterrupted control of the desktop when an operating system loads.

So basically, yeah. A hardware backdoor to an Intel system with the ability to start your computer remotely and hijack every function

Jan 21, 2016
This is almost a zero knowledge article. A lot depends how the integration of the security systems are done and as noted, how easily they can be circumvented. After all, it's not good enough to just authenticate the hardware, you need to authenticate the user and applications too. This can't be done at the factory and will not be in hardware....

Jan 21, 2016
If there's any sort of master key or certificate to the Intel AMT, or any built-in bug or feature that allows you to bypass it, you can bet your ass the NSA has it. It's just too great an opportunity to ignore.

A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[39] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor.

Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords
