A little over a month ago, we reported on a speculative execution vulnerability found in Intel CPUs, adding to the growing list of similar vulnerabilities. However, yesterday, a team of security researchers revealed a new kind of vulnerability in Intel CPUs. Positive Technologies published a blog post detailing a flaw in Intel’s Converged Security and Management Engine (CSME) firmware.
Intel CSME is the cryptographic basis for hardware security technologies developed by Intel and used widely, for example in DRM, fTPM, and Intel Identity Protection.
This flaw is located in the read-only memory (ROM), which means it is hard-coded and cannot be fixed. This characteristic sets it apart from all the speculative execution vulnerabilities, which can be patched. That said, according to the blog post, when the security group contacted Intel to report the vulnerability, they found that Intel already knew about it and was attempting to address it. The vulnerability was registered last year in the Common Vulnerabilities and Exposures system as CVE-2019-0090 and has a vulnerability score of 7.1 (high).
Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.
The vulnerability affects all Intel chipsets and SoCs currently available, except Ice Point. The widespread nature of the vulnerability is not good news for those who own devices with Intel CPUs manufactured in the last five years.
By exploiting CVE-2019-0090, a local attacker could extract the chipset key stored on the PCH microchip and obtain access to data encrypted with that key. Worse still, it is impossible to detect such a key breach. With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, in other words, pass off an attacker's computer as the victim's. EPID is used in DRM, financial transactions, and attestation of IoT devices.