Intel processors have a hardware level flaw that can’t be fixed, say cyber-security researchers. (Image source: Bloomberg)
After the ‘Meltdown’ and ‘Spectre’, the two processor level flaws created a panic in the tech world in 2018, another vulnerability has been reported that impacts Intel’s chipsets from the last five years. What’s worse is that the researchers at Positive Technologies, who found the flaw are indicating that there might not be a fix available for this, given the problem exists at a hardware level.
The vulnerability is present in both hardware and the firmware of the boot ROM for Intel’s Converged Security and Management Engine (CSME), notes the blog post. The flaw could impact hardware-level encryption on a device and allow hackers to run malicious code or programs that could steal passwords, and other sensitive data on a device. The researchers also plan to release a white paper with more technical details on how the exploit actually works.
What exactly is the issue on the Intel chipsets?
The vulnerability exists in the boot ROM (Read-Only Memory) of Intel’s Converged Security and Management Engine (CSME), though this is not a new issue, but rather, a 2019 issue that is much worse that what was previously thought.
“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole,” notes the blogpost by the security firm.
The Intel CSME firmware is “responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” To put it simply, CSME is the security feature part of all Intel CPUs, and one which verifies and authenticates all other firmware that runs on a computer.
It also is the basis for “hardware security technologies developed by Intel and used everywhere” on the device, points out the blog. This includes the Enhanced Privacy ID or EPID, which is used for “protecting digital content, securing financial transactions, and performing IoT attestation.” All of this could be compromised with an attack on the CSME.
Intel has said the security flaw from 2019 has been fixed. Researchers however claim there are more ways to exploit it. Intel logo is seen in this file photo. (Image source: Bloomberg)
Further, CSME implements the Trusted Platform Module (TPM) software as well. TPM ensures disk-level encryption and usually requires a separate chip for this. However, the TPM software module ensures storing encryption keys without the need for a separate chip. The researchers point out that many computers do not have a dedicated TPM chip, and the vulnerability would leave them exposed as well.
The researchers believe the bug can give hackers the ability to tract the ‘chipset key’, which is the same for an “entire generation of Intel chipsets,” and this could cause chaos. That’s because getting access to the Chipset Key would allow for forging of hardware IDs, extracting digital content and decrypting data from encrypted disks.
Are all Intel chipsets impacted by the flaw?
It would appear that only Intel’s latest 10th generation processors are not impacted by the flaw. Every other chipset is impacted and researchers are indicating that fixing the problem might not be possible, unless there is a hardware overhaul. Further, this bug was actually reported in 2019, though at the time Intel had issued a patch to fix the problem, which is numbered CVE-2019-0090.
Intel had also said at the time that there was no evident of anyone carrying out the attack in the real world and called it a complex task. But according to the researchers, Intel’s patch only fixes one possible vector of attack, and that there are many more ways to exploit this vulnerability.
“We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access,” wrote Mark Ermolov, the lead specialist of OS and hardware security at security firm Positive Technologies in the blog post.
In a statement to ArsTechnica regarding the latest finding, Intel said they were “notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorised user with specialised hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products.”
What are some ways attackers could exploit this flaw?
In an email response to ArsTechnica, Mark Ermolov explained that the attackers could execute special code and run a keylogging program to read keystrokes and effectively steal passwords or other secure data from a device. He also said that such malicious code might not be detected by any antivirus programs, given it is working at a hardware level.