Friday, March 6th 2020
Researchers Find Unfixable Vulnerability Inside Intel CPUs
Researchers have found another vulnerability inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within the CPU that has access to all data passing through the system and is dedicated to the security of the whole SoC. The CSME is something of a black box, since Intel protects its documentation to prevent copying by other vendors; nevertheless, researchers have discovered a flaw in the design of the CSME and can now exploit millions of systems based on Intel CPUs manufactured in the last five years.
Discovered by Positive Technologies, the flaw lies inside the Read-Only Memory (ROM) of the CSME. Because the mask ROM is hardcoded in the CPU, the vulnerability cannot be fixed by a simple firmware update. The researchers from Positive Technologies describe it as follows: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform." Every CPU manufactured in the last 5 years is subject to the exploit, except the latest 10th generation, Ice Point-based chipsets and SoCs. The only solution for owners of prior-generation CPUs is to upgrade to the latest platform, as a simple firmware update cannot resolve this. The good news, however, is that to exploit a system, an attacker must have physical access to the hardware in question; remote exploitation is not possible.
Sources:
Positive Technologies. Thanks to biffzinker for the tip.
29 Comments on Researchers Find Unfixable Vulnerability Inside Intel CPUs
indicative of just how much intel fucked up lol
lol
time to lawyer up & get ready for yet anutha giga-mega $$$ hooplahfest against them...
Marketing move ? :peace:
we already got these:
This is important. We need an icon. Period.
Also, if you are going there, there are tons of other things you can do with raised local privileges. An exploit allowing remote execution with elevated privileges is far worse than this "requires local access" attack is. For general users, the risk is still "0".
Also, one can argue that the risk is "0" for almost any and all exploits, as you don't have anything valuable on your computer anyway.
Just curious, what would an exploit of this nature allow someone to do?
If only I had the time...
2: "remote exploitation is not possible."
That is all that matters to me. Doubtful old AMD platforms are much better.
They are still exploring how to exploit this through a virtual machine (since they use IOMMUs to map out to the memory), but the exploit needing DMA to get into the Intel CSME makes that difficult without directly connecting to the hardware.