5 years of Intel processors and chipsets have a flaw that cannot be fixed

Virtually all Intel chips launched in the past five years contain an unpatched flaw that can allow sophisticated attackers to outsmart a multitude of security measures built into silicon. While Intel has released patches to reduce the damage from exploits and make them more difficult, security company Positive Technologies has said that mitigations may not be enough to fully protect systems.

The flaw lies in the Converged Security and Management Engine, a subsystem inside Intel processors and chipsets that is roughly analogous to the AMD platform security processor. Often abbreviated as CSME, this feature implements the firmware Safe platform module used for silicon-based encryption, authentication UEFI BIOS firmware, Microsoft System Guard and BitLocker and other security features. The bug stems from the failure of the I / O memory management unitwhich provides protection against malicious modification of static random access memoryto be implemented early enough in the firmware boot process. This failure creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to run malicious code that runs very early in the boot process with the highest system privileges.

Endanger Intels' Root of Trust

Because the flaw lies in the CSME ROM mask, a piece of silicon that starts the very first piece of CSME firmware, the vulnerability cannot be corrected with a firmware update.

This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on enterprise platforms, wrote Mark Ermolov, senior security specialist operating systems and hardware within the security firm Positive Technologies in a post detailing the bug. The problem is not only that it is impossible to fix the hard-coded firmware errors in the mask ROM of microprocessors and chipsets. The biggest concern is that, because this vulnerability allows compromise at the hardware level, it destroys the chain of trust for the platform as a whole.

In addition to the Trusted Platform Module, attackers who manage to exploit the flaw can bypass the security protections provided by Intels Enhanced Privacy ID (EPID) (which offers on-chip encryption capabilities) and digital rights management protections for proprietary data. It may also be possible to extract the encryption key from the chipset, which is identical to each generation of chipset. Because exploits allow firmware modification, attackers could perform other harmful actions. In an email responding to a question about the extent of the potential damage caused by the exploit and how the exploit worked, Ermolov wrote:

Since the Intel CSME subsystem has special tools for intercepting all data passing through a USB controller (what is known as USB redirection), an attacker using this vulnerability could launch malicious code special on Intel CSME which will read keystrokes (keylogger).

Such malicious code will not be detected by any antivirus, as it works at the hardware level. And thus, the attacker can steal the entered user passwords. For such an attack, in most cases, it is sufficient for an attacker to be able to execute code locally on the attacked machine (at the operating system level, i.e. the 39; local code execution in kernel mode). In addition, it can inject its code to run on a special controller, the Intel Integrated Sensors Hub (ISH).

As soon as he can execute code on ISH, thanks to this vulnerability, he could attack Intel CSME and already execute arbitrary code on this subsystem. And by extracting the key from the chipset, it can do so on a continuous basis (persistence). Thus, in most cases, the attacker does not need physical access to the vulnerable machine. And yes, you are right, (by) having a chipset key, an attacker can bypass any data encryption used in Intel CSME (fTPM, DRM, Intel Identity Protection), and if the key has been extracted, it is no longer possible to change it and protect the system with any firmware update, since there is no more base on which the defense would be based.

Exploiting the vulnerability, especially reading the chipset key, would be a major technical feat that would require specialized equipment and years of experience with the firmware. However, the flaw poses a serious threat to unpatched systems and can still be exploited even on computers that have received updates that computer manufacturers released last year to make it work. more difficult to operate.

Although a potential exploit for this problem seems to be quite complicated, involving a multi-step chain compromising ISH or other firmware (and) and then mounting a DMA (direct memory access) attack against CSME, the impact is very broad and the problem cannot be resolved. corrected via firmware update because it is in the mask ROM, said Yuriy Bulygin, CEO of Eclypsium, a firm specializing in firmware security, in an interview.

Mitigate vulnerability

A representative from Intel said in the background that installing CSME and BIOS updates with an end of manufacture defined by the system manufacturer should mitigate local attacks. Physical attacks, in which attackers have a targeted computer, could still be possible if anti-rollback functionality based on CSME hardware is not supported by a system manufacturer.

Anti-rollback functionality is generally only available on new Intel systems. They can be applied by updating the BIOS firmware on CSME 12 platforms, but only when these updates are supported by computer manufacturers. Intel said last May that the vulnerability was discovered by an industry partner.

Thursday's disclosure from Positive Technologies provides new details about the vulnerability and how to exploit it. Positive Technologies also warns that the vulnerability may not be fully mitigated with updates. Intel thanked the researchers but continues to suggest that the vulnerability can only be exploited when the attackers are in possession of a vulnerable machine.

Intel has been notified of a vulnerability which could affect the Intel converged security management engine in which an unauthorized user with specialized physical and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products, company officials said in a statement. Intel has released mitigations and recommends keeping the systems up to date. Additional advice specific to CVE-2019-0090 can be found here.

The vulnerability affects approximately five years of Intel processors and chipsets. Intel called systems running CSME firmware before versions 11.8.65, 11.11.65, 11.22.65 and 12.0.35, but as Positive Technologies said, machines running other versions may not not be fully protected from exploits. Consumer and enterprise systems are vulnerable, but since the latter category is more dependent on security on a chip, it is likely to be more affected.