An underlying flaw in Intel chipsets, which was originally disclosed in May of 2019, was recently discovered by Positive Technologies to be far worse than previously reported.
Researchers from the vulnerability management vendor discovered that a bug in the read-only memory of the Intel Converged Security and Management Engine (CSME) could allow threat actors to compromise platform encryption keys and steal sensitive information. The Intel CSME vulnerability, known as CVE-2019-0090, is present in both the hardware and the firmware of the boot ROM and affects all chips other than Intel's 10th-generation "Ice Point" processors.
"We started researching the Intel CSME IOMMU [input-output memory management unit] in 2018," Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, said via email. "We've been interested in that topic especially because we've known that Intel CSME shares its static operative memory with the host (main CPU) on some platforms. Studying the IOMMU mechanisms, we were very surprised that two main mechanisms of CSME and IOMMU are turned off by default. Next, we started researching Intel CSME boot ROM's firmware to ascertain when CSME turns on the IOMMU mechanisms and we found that there is a very big bug: the IOMMU is activated too late after x86 paging structures were created and initialized, a problem we found in October."
"Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern problems," Ermolov said. "It is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM, fTPM [firmware Trusted Platform Module] and Intel Identity protection. The main concern is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole."
Although Intel has issued patches and mitigations that complicate the attack, Positive Technologies said fully patching the flaw is impossible because firmware updates can't fully address all of the vectors.
"In the CVE-2019-0090 patch, Intel blocked ISH [Integrated Sensors Hub], so now it can't issue DMA transactions to CSME. But we're convinced there are other exploitation vectors and they will be found soon. To exploit a system that has not been patched for CVE-2019-0090, an attacker doesn't need to be very sophisticated," Ermolov said.
In addition, Positive Technologies said extracting the chipset key is impossible to detect.
"The chipset key being leaked can't be detected by CSME or by the main OS," Ermolov said. "You're already in danger, but you don't know it. The attack (by DMA) also doesn't leave any footprint. When an attacker uses the key to compromise the machine's identity, this might be detected by you and you only, but only after it's happened when it is too late."
Once they've breached the system, threat actors can exploit this vulnerability in several ways, according to Positive Technologies.
"With the chipset key, attackers can pass off an attacker computer as the victims' computer. They can gain remote certification into companies to access digital content usually under license (such as videos or films from companies like Netflix)," the company said via email. "They can steal temporary passwords to embezzle money. They can pose as a legitimate point-of-sale payment terminal to charge funds to their own accounts. Abusing this vulnerability, criminals can even spy on companies for industrial espionage or steal sensitive data from customers."
Positive Technologies recommended disabling Intel CSME-based encryption or completely replacing CPUs with the latest generation of Intel chips.
This is the second vulnerability disclosed regarding Intel chips since January, when computer science researchers discovered a speculative execution attack that leaks data from an assortment of Intel processors released before the fourth quarter of 2018.