According to researchers at security firm Positive Technologies, Intel chips released during the past five years contain a flaw that may allow hackers to defeat built-in security measures. The flaw is in the Converged Security and Management Engine (CSME), a subsystem inside Intel CPUs and chipsets comparable in role to AMD’s Platform Security Processor. Intel has issued a patch, but Positive Technologies says it may not be enough to protect systems built on the affected parts. Intel’s 10th-generation processors are reportedly not among those affected.
Ars Technica reports that CSME, which “implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features,” is undermined by a bug in how its input-output memory management unit (IOMMU) is brought up.
More specifically, the IOMMU is not enabled “early enough in the firmware boot process.” Until it is, there is a “window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code that runs very early in the boot process with the highest of system privileges.”
A firmware update may not fix the problem “because the flaw resides in the CSME mask ROM, a piece of silicon that boots the very first piece of CSME firmware.” Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, wrote that “the larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
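The ordering problem the two paragraphs above describe (a DMA-capable agent such as the sensor hub can reach CSME memory before the IOMMU is switched on, and the ROM that fixes that ordering cannot be patched) is easier to see in a simplified model. The following C program is an added example written for this page, not code from Positive Technologies, Ars Technica or Intel, and it is not the real CSME ROM sequence: `boot()` models a boot ROM that copies a first firmware stage into SRAM, checks it against an expected digest, and jumps to it; `dma_write()` stands in for a non-CSME agent (the ISH in the article) that can write SRAM only while the IOMMU is off; `toy_digest()` (FNV-1a) stands in for the ROM’s real hash or signature check. The firmware bytes and the attacker payload are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SRAM_SIZE 64

/* Model of a CSME-like platform: the SRAM the ROM loads stage-1 firmware
 * into, and a single flag for whether the IOMMU is enforcing yet. */
struct platform {
    uint8_t sram[SRAM_SIZE];
    bool iommu_enabled;
};

/* Constructed sample data: the genuine stage-1 image and an attacker image. */
static const uint8_t GOOD_FW[16] = "GOOD_FW_STAGE_1";
static const uint8_t EVIL_FW[16] = "EVIL_FW_STAGE_1";

/* Toy digest (FNV-1a) standing in for the ROM's hash/signature check.
 * Assumption of this example: not a cryptographic hash, not Intel's check. */
static uint32_t toy_digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* DMA write from a non-CSME agent (models the Integrated Sensor Hub).
 * It lands only while the IOMMU is not yet enabled. */
static bool dma_write(struct platform *pf, size_t off, const uint8_t *src, size_t n) {
    if (pf->iommu_enabled || off + n > SRAM_SIZE) return false;
    memcpy(pf->sram + off, src, n);
    return true;
}

enum outcome { BOOT_GOOD, BOOT_REFUSED, BOOT_HIJACKED };
enum attack_point { ATTACK_NONE, ATTACK_BEFORE_VERIFY, ATTACK_AFTER_VERIFY };

/* Run the ROM sequence once. iommu_early=true is the safe ordering (IOMMU on
 * before anything is loaded); false is the late ordering the article describes,
 * where the IOMMU only comes up after the ROM has already handed off. The
 * attacker gets one DMA attempt at the chosen point. */
enum outcome boot(bool iommu_early, enum attack_point when) {
    struct platform pf;
    memset(&pf, 0, sizeof pf);
    const uint32_t expected = toy_digest(GOOD_FW, sizeof GOOD_FW);

    if (iommu_early) pf.iommu_enabled = true;        /* safe ordering */

    memcpy(pf.sram, GOOD_FW, sizeof GOOD_FW);        /* ROM loads stage 1 */

    if (when == ATTACK_BEFORE_VERIFY)
        dma_write(&pf, 0, EVIL_FW, sizeof EVIL_FW);  /* caught by the digest */

    if (toy_digest(pf.sram, sizeof GOOD_FW) != expected) return BOOT_REFUSED;

    if (when == ATTACK_AFTER_VERIFY)
        dma_write(&pf, 0, EVIL_FW, sizeof EVIL_FW);  /* check already passed */

    pf.iommu_enabled = true;                         /* late ordering: too late */

    /* "Jump": whatever is in SRAM now runs with the ROM's privileges. */
    return memcmp(pf.sram, GOOD_FW, sizeof GOOD_FW) == 0 ? BOOT_GOOD : BOOT_HIJACKED;
}

static const char *name(enum outcome o) {
    return o == BOOT_GOOD ? "good" : o == BOOT_REFUSED ? "refused" : "HIJACKED";
}

int main(void) {
    printf("late IOMMU,  DMA before verify: %s\n", name(boot(false, ATTACK_BEFORE_VERIFY)));
    printf("late IOMMU,  DMA after verify:  %s\n", name(boot(false, ATTACK_AFTER_VERIFY)));
    printf("early IOMMU, DMA before verify: %s\n", name(boot(true, ATTACK_BEFORE_VERIFY)));
    printf("early IOMMU, DMA after verify:  %s\n", name(boot(true, ATTACK_AFTER_VERIFY)));
    return 0;
}
```

The point the model makes is that the integrity check alone does not help: with the late ordering, a write that lands after verification but before hand-off is executed with full privilege, and the only fix is to enable the IOMMU before the load, which in the real case is a change to mask ROM rather than to updatable firmware.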
Hackers can “exploit the flaw … [to] bypass security protections provided by Intel’s Enhanced Privacy ID (EPID) (which provides on-chip encryption capabilities) and digital rights management protections for proprietary data.” Ermolov noted that, “since the Intel CSME subsystem has special tools for intercepting any data passing through a USB controller (the so-called USB-Redirection), an attacker using this vulnerability could launch a special malicious code on Intel CSME that will read keystrokes (keylogger),” including passwords.
He added that the attacker could also “inject his code to run on a special controller, Intel Integrated Sensors Hub (ISH) … [and] attack Intel CSME.” “Thus, in most cases, the attacker does not need physical access to the vulnerable machine,” said Ermolov. Intel, however, “continues to suggest that the vulnerability is exploitable only when attackers have possession of a vulnerable machine.”
The Verge reports that malware exploiting the chip flaw “is undetectable by traditional antivirus systems.” It adds that a successful attack would “in most cases [require] physical access to a machine, but some could be performed by other malware bypassing OS-level protections to perform local attacks.”
“Intel has downplayed the new security vulnerability,” notes The Verge, with a spokesperson stating that it has “released mitigations and recommends keeping systems up-to-date.” Positive Technologies will provide “more technical details” in a soon-to-be-published white paper. Reportedly, “Intel’s latest 10th Gen processors are not vulnerable.”