Unfixable vulnerability found in Intel CPUs

A little over a month ago, we reported on a speculative execution vulnerability found in Intel CPUs, adding to the growing list of similar vulnerabilities. However, yesterday, a team of security researchers revealed a new kind of vulnerability in Intel CPUs. Positive Technologies published a blog post detailing a flaw in Intel’s Converged Security and Management Engine (CSME) firmware.

Intel CSME is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM, fTPM, and Intel Identity Protection.

This flaw is located in the read-only memory (ROM), which means it is hard-coded and so cannot be fixed. This sets it apart from all the speculative execution vulnerabilities, which can be patched. That said, according to the blog post, when the security group reached out to Intel to report the vulnerability, they found that Intel already knew about it and was attempting to address it. The vulnerability was registered last year in the Common Vulnerabilities and Exposures system as CVE-2019-0090, and has a vulnerability score of 7.1 (high).

Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

The vulnerability affects all Intel chipsets and SoCs currently available, except Ice Point. The widespread nature of the vulnerability is not good news for those who own devices with Intel CPUs manufactured in the last five years.

By exploiting vulnerability CVE-2019-0090, a local attacker could extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. Worse still, it is impossible to detect such a key breach. With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, or in other words, pass off an attacker computer as the victim’s computer. EPID is used in DRM, financial transactions, and attestation of IoT devices.

Nathan Wasson

Inquiring mind, tech journalist, car enthusiast, gamer.

Granyala
4 months ago

If it requires the dude to sit at our computer, the vulnerability is inconsequential to most consumers.

Blastdoor
4 months ago
Reply to  Granyala

Yeah, somebody should tell Microsoft and Apple that they wasted their time with BitLocker/FileVault.

Dreadcthulhu
4 months ago
Reply to  Granyala

Not a big deal for regular consumers, but a huge issue for any corporate or government computer with sensitive information on it; shady contractors or people pretending to be maintenance, or similar situations might let a person get brief physical access, and from what I can tell, that would be enough to pull data off that the corp/gov previously thought would be safely encrypted.

willmore
4 months ago
Reply to  Granyala

When most users use an OS which regularly reports remote execution vulnerabilities, how is your comment meaningful?

Krogoth
4 months ago

Intel: We already cancelled security in our products!

chuckula
4 months ago
Reply to  Krogoth

Since this breaks DRM, if AMD did it then there would be millions of fanboys posting here about how this is a feature and that Lisa Su is their hero.

Krogoth
4 months ago
Reply to  chuckula

Nah, it is more like AMD fanboys will try to downplay the impact of this. (It does affect more than DRM).

Besides, AMD has their own problem.

https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture

chuckula
4 months ago

So DRM is being hacked?

Yawn.
