If your laptop, desktop or server has an Intel processor other than the latest generation, don’t let anyone else get their hands on it.
That’s one of the key defences recommended after the revelation by security vendor Positive Technologies in a blog this week of a vulnerability in the ROM of the Intel Converged Security and Management Engine (CSME). In some cases, attackers with physical access to many Intel-powered devices could cause havoc.
The CSME does a lot of verification of onboard hardware systems. More importantly, the blog says, Intel CSME is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM (digital rights management), FTPM (firmware-based module that holds cryptographic keys), and Intel Identity Protection.
“This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” indicated Positive Technologies. “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
The vulnerability doesn’t affect the latest 10th generation of Intel processors.
Intel has known about CSME problems since May, 2019, when it issued a security advisory (CVE-2019-0090). It disclosed there were multiple potential security vulnerabilities in Intel CSME), Server Platform Services (Intel® SPS), Trusted Execution Engine (Intel TXE), and Active Management Technology (Intel AMT) that could allow an attacker to escalate privileges, disclose information or cause a denial of service. At the time it issued firmware and BIOS updates.
However, Positive Technologie says the patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). “We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.”
In an email to IT World Canada, Positive Technolgy recommends users disable Intel CSME-based encryption of data storage devices. This can be achieved through refusing Windows BitLocker encryption via Intel PTT and using the password entered each time or a separate USB token. That is, just changing the BitLocker encryption settings.
It also recommends users contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability, and follow the mitigation recommendations provided by Intel.
Asked for comment on the blog, Intel emphasized its 2019 security guidance related to CVE-2019-0090. That includes “installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations.
“End users should maintain physical possession of their platform.”
In its analysis, Positive Technologies says an early-stage vulnerability in the boot ROM of many Intel systems enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect.
“This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform,” says the blog.
All this causes a problem with a system’s EPID (Enhanced Privacy ID). EPID is a procedure for remote attestation of trusted systems that allows identifying individual computers. The problem “is not too bad for the time being,” according to Positive Technologies, because the Chipset Key is stored inside the platform in the One-Time Programmable (OTP) Memory, and is encrypted. To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS).
However, the blog adds, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, “we believe that extracting this key is only a matter of time.
“When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.”