⋮    ⋮  

Intel searching for hackers to expand “Project Circuit Breaker” bug bounty program, claims AMD CPUs are more buggy

Submit

Intel announced yesterday the introduction of "Project Circuit Breaker," the company's newest way to gather the assistance of "elite hackers" to help improve the security within the company's hardware and software.

Intel sends out the call to all hackers to enlist in Project Circuit Breaker to help discover security flaws in Intel software and hardware

For the first time, security researchers and specialists will be able to work with Intel's product and security crews through real-time hacking occurrences that may contain bounty multipliers up to 4x. Contests like "capture the flag" and additional activities will assist and ready researchers for challenges, including admission to beta software and hardware, along with other distinctive prospects.

Intel To Disclose New Information on 14th Gen Meteor Lake & 15th Gen Arrow Lake CPUs at HotChips 34

Project Circuit Breaker will supplement Intel’s existing open Bug Bounty program, which rewards researchers for original vulnerability findings on any eligible branded products and technologies. This program helps Intel to identify, mitigate and disclose vulnerabilities; in 2021, 97 of 113 externally found vulnerabilities were reported through Intel’s Bug Bounty program. As demonstrated by Intel’s Security-First Pledge, the company invests extensively in vulnerability management and offensive security research for the continuous improvement of its products.

Project Circuit Breaker contains time-specific events on distinctive new platforms and technologies. Intel's first Project Circuit Breaker event is currently active, with twenty security researchers examining Intel Core i7 Tiger Lake processors.

Currently, some of the researchers* working with Intel are:

  • Hugo Magalhaes
  • breaker
  • allowetotima
  • dreamercat
  • mmg
  • avivanoa

What Intel is looking for in their line of "elite hackers":

  • Creative mindset
  • Ability to build, test, and iterate on a test hypothesis to identify new attack vectors
  • Interest/experience in computer systems, architecture, CPU.SOC chipsets, bios, firmware, drivers, and low-level coding
  • Ability to reverse engineer complex environments
  • Experienced in vulnerability research, exploit development, and responsible disclosure
  • Track record of vulnerability discovery/secure tool development or security publications

Intel has commented that its computer processors encountered 16 reported security vulnerabilities last year, which is less than the uncovered weaknesses that AMD's processors faced, which were 31 flaws. However, Intel leads in the number of discrepancies on graphics and the entire total of deficiencies for 2021. Almost half of Intel's graphics card vulnerabilities originate from an AMD graphics component used in its chip designs.

Intel Arc Graphics Cards Get ‘VRAM Self-Refresh’ Feature In Latest Linux Drivers

The information of fundamental flaws comes from Intel's new 2021 product security report, providing statistics that show the number of vulnerabilities and how Common Vulnerabilities and Exposure reports are organized and supply information about Intel's latest bug bounty program.

Intel contends that its processors encountered 16 security flaws in 2021, with six of the flaws detected by researchers in its previous bug bounty program. The other four vulnerabilities were discovered from within Intel. Intel located as many as 15 bugs internally regarding graphics discrepancies, while external sources found the remaining 36 through their program.

Intel primarily embeds its integrated graphics into Intel's processors. It is difficult to match these numbers fully since Intel's graphics units are embedded in their computer processors. The only exception to this is the company's Xe DG1.

Intel further explains that the CVE INTEL-SA-00481 for the company's Intel Core Processors with onboard AMD Radeon RX Vega M graphics reveals 23 vulnerabilities for AMD's devices. This information concerns the Intel Kaby Lake-G processors compared to the 8th Gen Intel Core processors with AMD's Radeon graphics appearing in laptops such as the Dell XPS 15 2-in-1 and the "Hades Canyon" NUC. Even with the issues falling on Intel's chip, AMD's sections showed the most significant amount of security vulnerabilities.

Intel went solely to external research for AMD's data, ranging from May to December of 2021. Intel's research states that it did not discover any CVEs attributed to AMD's internal investigation last year.

Graphics processing units had the loftiest number of CVEs for Intel last year, while ethernet and software vulnerabilities remained parallel at 34 vulnerabilities.

Intel discloses that its internal security research found 50% of vulnerabilities, while the external bug bounty program detected 43% of the issues. The remaining 7% is from open-source tasks or associations that cannot be included in Project Circuit Breaker.

If you want more information about Intel's new bug bounty program, check out the official website at ProjectCircuitBreaker.com.

Source: Project Circuit Breaker by Intel, Tom's Hardware

*Intel notes that some individuals working in the new program would like to remain anonymous.

Submit