Several Intel CPUs and chipsets have a flaw that cannot be resolved

The security researchers of Positive Technologies believe there is a serious flaw in Intel's CPUs and chipsets, a problem that seemed to have been resolved last May (security update Intel-SA-00213) but that is actually worse than previously thought. The bug affects most Intel CPUs and chipsets from the past five years and is, according to the researchers, not definitively resolvable. The only options for leaving the flaw behind are to opt for a recent platform with a 10th generation Ice Lake CPU or to disable Intel CSME-based encryption of data storage devices.

The vulnerability, tracked as CVE-2019-0090, affects Intel's Converged Security and Management Engine (CSME), previously called Management Engine BIOS Extension (MEBx), a solution similar to AMD's Platform Security Processor. The security researchers discuss it in detail on this page and on this other one.

CSME is considered the cryptographic basis of all technologies and firmware on the company's platforms. Mark Ermolov, lead specialist for operating system and hardware security at Positive Technologies, stated that CSME is one of the first systems to start and is responsible for the cryptographic verification and authentication of all the firmware present on Intel PCs. For example, CSME loads and verifies the UEFI / BIOS firmware and the firmware of the PMC (Power Management Controller), the component that manages the power supply of the chipset.

CSME is also the cryptographic basis of other technologies such as Intel EPID (Enhanced Privacy ID), Intel Identity Protection, and any firmware-based DRM (Digital Rights Management) or TPM (Trusted Platform Module) solution. In other words, CSME is basically what is called the "root of trust" of Intel PCs, that is, the component the system always considers reliable.

Following last May's update, it was thought that the problem had been solved, since it had been described as a firmware bug that allowed an attacker with physical access to the CPU to gain privileges and run code from within CSME. Other technologies such as Intel TXE (Trusted Execution Engine) and SPS (Server Platform Services) were also affected.

Ermolov's new research reveals how the bug can be used to recover the "Chipset Key", the master cryptographic key that gives an attacker access to anything on a device. Ermolov claims that this bug can also be exploited through "local access", by placing malware on a device, so physical access to a system is not necessary.

"The bad guys can get the key in many different ways. For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Suppliers, contractors or even employees with physical access to the computer can get the key. In some cases, the attackers can intercept the key remotely, provided that they have obtained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote updates of the firmware of internal devices, such as the Intel Integrated Sensor Hub," say the researchers.

The malware must be able to execute code at the operating system level (with root privileges) or at the BIOS level, which is not entirely impossible (it has been done in the past) for someone who sets out to breach a component like CSME. The vulnerability affects the CSME boot ROM during system initialization and allows the Chipset Key to be extracted with various methods in that situation. The vulnerability could be used for offensive purposes, such as extracting the Chipset Key of a server in order to decrypt traffic and other data, but it could also be used to bypass DRM protections and make copies of copyrighted content.

In the coming months, Positive Technologies researchers will publish a paper on the vulnerability. Intel, contacted by ZDNet, reiterated that the bug can only be exploited through physical access and urged users to apply the May 2019 updates.

