Intel breathes a sigh of relief as the spotlight moves off of them for a beat.

  • db2@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    3 months ago

    It does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.

    It’s worse than that, any AMD chip from any source except maybe AMD directly is suspect. Mine is a few years old from Amazon supposedly new, for all I know it came compromised and is sitting there doing what I tell it to until it triggers and I won’t even know when or if it happens.

    • rhombus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.

      • db2@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        It allows for adulteration of firmware, the CPU has firmware. 🤷

        • rhombus@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.

            • rhombus@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              3 months ago

              Which, again, is an incredibly unlikely attack vector unless you have some government secrets on your computer. And chances are that any attack through the IME or PSP is trying to do an implant into the UEFI/BIOS and not the processor itself.