Intel Hardware-Based Cryptography ‘At Risk’ From New Flaw

Flaw in Converged Security Management Engine could allow attackers to remotely extract root cryptographic key, leading to ‘utter chaos’, researchers warn

Intel has acknowledged a flaw in its processors that could allow attackers to bypass security controls including hardware-based encryption and digital rights management (DRM).

The company said exploitation of the issue in its Converged Security Management Engine (CSME) would likely require specialised equipment and physical access.

But the security researchers who discovered the flaw were less sanguine, arguing it is impossible to entirely fix.

Positive Technologies said that the issue affects all Intel chips manufactured in the past five years, and advised users to replace affected units with the company’s latest 10th Gen processors, which are not vulnerable.

Root cryptographic key

“Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors,” said Positive Technologies researcher Mark Ermolov in an advisory.

Intel’s existing patches only address one means of attack, while many others are likely to exist, Ermolov said.

Some of these may be exploitable via malware installed on a system, without requiring an attacker to have physical access to that system, he said.

The problem is that, early in the boot process, the CSME’s boot ROM runs before the engine’s memory protections are switched on, leaving a window during which the CSME firmware can be tampered with.

It is only a “matter of time” before attackers are able to extract the Chipset Key, the root cryptographic key that’s the basis for other hardware-based security controls, including hardware-based encryption and DRM, Ermolov argued.

Extracting that key would allow attackers to forge hardware IDs, extract DRM-protected content and decrypt encrypted hard drives, he said – a situation he described as “utter chaos”.
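To make concrete why a single root key matters this much, here is an added illustration of a key hierarchy in which every per-purpose key is derived from one chipset root. This is example code written for this page, not Intel’s design or firmware: the HKDF-based derivation, the purpose labels, the HMAC-based hardware-ID tag and the toy HMAC keystream cipher (a stand-in for a real block cipher) are all assumptions, and the root key and disk sector are constructed sample values. It shows that whoever holds the root can rebuild the disk key and the hardware-ID key and therefore decrypt data and forge identifiers, exactly the cascade described above.

```python
"""Illustration of a key hierarchy rooted in a single chipset key.

Added example, not Intel's design or code. The derivation labels, the
HKDF-based hierarchy, the HMAC hardware-ID tag and the HMAC keystream
cipher are assumptions chosen to show why leaking the root of the
hierarchy compromises every key derived from it.
"""
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF (extract then expand) built on HMAC-SHA256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_platform_keys(chipset_key: bytes) -> dict:
    """Derive per-purpose keys from the root key (labels are hypothetical)."""
    return {
        "disk": hkdf_sha256(chipset_key, b"example/disk-encryption"),
        "hwid": hkdf_sha256(chipset_key, b"example/hardware-id"),
        "drm": hkdf_sha256(chipset_key, b"example/drm-content"),
    }


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode XORed onto the data.
    A stand-in for AES so the example runs with the standard library only;
    encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def hardware_id_tag(hwid_key: bytes, serial: bytes) -> bytes:
    """Platform-bound identifier: a MAC over a serial under the hwid key."""
    return hmac.new(hwid_key, serial, hashlib.sha256).digest()


def attacker_with_root_key(chipset_key: bytes, nonce: bytes,
                           ciphertext: bytes, forged_serial: bytes):
    """What an attacker who has extracted the root key can do: re-derive the
    whole hierarchy, decrypt the disk data and mint a valid hardware ID."""
    keys = derive_platform_keys(chipset_key)
    plaintext = keystream_xor(keys["disk"], nonce, ciphertext)
    forged_tag = hardware_id_tag(keys["hwid"], forged_serial)
    return plaintext, forged_tag


def demo() -> bool:
    """Run the scenario end to end; True if the attacker succeeds."""
    chipset_key = os.urandom(32)          # constructed stand-in for a fused root key
    keys = derive_platform_keys(chipset_key)
    nonce = os.urandom(12)
    secret = b"constructed disk sector contents"   # constructed sample data
    ciphertext = keystream_xor(keys["disk"], nonce, secret)

    recovered, forged_tag = attacker_with_root_key(
        chipset_key, nonce, ciphertext, b"SN-FORGED-0001")
    genuine_tag = hardware_id_tag(keys["hwid"], b"SN-FORGED-0001")
    return recovered == secret and hmac.compare_digest(forged_tag, genuine_tag)


if __name__ == "__main__":
    print("root key compromise cascades to derived keys:", demo())
```

The point of the layout is that nothing below the root is independent of it: rotating or patching the disk, DRM or hardware-ID layers does not help once the root is known, which is why a ROM-level flaw that exposes the root cannot be fully remediated by firmware updates.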

Chain of trust

“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” Ermolov said.

“The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

He said the vulnerability jeopardises everything Intel has done to “build the root of trust and lay a solid security foundation” for its platforms.

Intel downplayed the seriousness of the issue, designated CVE-2019-0090, saying exploitation would require “specialised hardware” and physical access, and noting that it has already released mitigations.

The company urged users to keep their systems up to date.

Positive Technologies said it will provide “more technical details” on the vulnerability in a white paper it plans to publish soon.