
Intel CSME vulnerability allows hackers to break encryption and DRM


Matrix


Researchers say the issue is unfixable without replacing the hardware

 

 

 

A hot potato: Intel's largely undocumented master controller for its CPUs has a vulnerability that cannot be fixed, and is so severe that it can allow malicious actors to bypass storage encryption, copyrighted content protections, and take control of hardware sensors in IoT devices.

Security researchers have discovered that a new vulnerability present in Intel chipsets that have been released over the last five years is unfixable outside of replacing the hardware that's currently being used in millions of commercial and enterprise systems.

 

Specifically, this has to do with the Converged Security and Management Engine, which is essentially a tiny computer within your computer that has full access to all data that flows through your PC, from internal components to peripherals.

 

Intel has guarded the secrets of how this engine works in an effort to prevent competitors from copying it, but that hasn't prevented security experts from trying to crack their way in to see if it can be exploited by malicious actors.

 


 

The unfixable flaw was discovered by Positive Technologies, who says it's a firmware error that's hard-coded in the Mask ROM of Intel CPUs and chipsets. The problem is that Intel's CSME is also responsible for several security features, including the cryptographic protections for Secure Boot, digital rights management, and Enhanced Privacy ID (EPID). It also houses the Trusted Platform Module (TPM) that allows the OS and apps to store and manage keys for things like file system encryption.

 

Researchers explained that hackers can exploit a firmware error in the hardware key generation mechanism that allows them to take control of code execution. They noted that "when this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

 

The only recent platform immune to the problem is Intel's 10th generation, Ice Point chipsets and SoCs. However, the good news is that the attack method described by Positive Technologies is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

 

This isn't the first time someone has managed to crack open Intel's ME subsystem. Security researchers uncovered other vulnerabilities in Intel's hardware in 2017 and 2018, not to mention the Spectre-style one from 2019 and the recently disclosed CacheOut attack, but at least those are fixable.

 


Flaw Inside® —

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

Converged Security and Management Engine flaw may jeopardize Intel's root of trust.


Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon. While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

 

The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets that’s roughly analogous to AMD’s Platform Security Processor. Often abbreviated as CSME, this feature implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the failure of the input-output memory management unit—which provides protection preventing the malicious modification of static random-access memory—to implement early enough in the firmware boot process. That failure creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code that runs very early in the boot process with the highest of system privileges.

Jeopardizing Intel’s root of trust

Because the flaw resides in the CSME mask ROM, a piece of silicon that boots the very first piece of CSME firmware, the vulnerability can’t be patched with a firmware update.

 

“This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms,” Mark Ermolov, lead specialist of OS and hardware security at security firm Positive Technologies wrote in a post detailing the bug. “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

 

Besides the Trusted Platform Module, attackers who successfully exploit the flaw can bypass security protections provided by Intel’s Enhanced Privacy ID (EPID) (which provides on-chip encryption capabilities) and digital rights management protections for proprietary data. It might also be possible to extract the chipset encryption key, which is identical on each chipset generation. Because exploits allow the modification of firmware, attackers could carry out other nefarious actions. In an email responding to a question about the extent of the potential damage caused by the exploit and how the exploit worked, Ermolov wrote:

Since the Intel CSME subsystem has special tools for intercepting any data passing through a USB controller (the so-called USB-Redirection), an attacker using this vulnerability could launch a special malicious code on Intel CSME that will read keystrokes (keylogger).

 

Such malicious code will not be detected by any antiviruses, since it works at the hardware level. And thus, the attacker can steal user passwords entered. For such an attack, in most cases it is enough for an attacker to be able to execute code locally on the attacked machine (at the operating system level, i.e., kernel mode local code execution). Further, he can inject his code to run on a special controller, Intel Integrated Sensors Hub (ISH).

 

As soon as he can execute code on ISH, through this vulnerability he could attack Intel CSME and already execute arbitrary code on this subsystem. And by extracting the chipset key, it can do this on an ongoing basis (persistence). Thus, in most cases, the attacker does not need physical access to the vulnerable machine. And yes, you are right, [by] having a chipset key, an attacker can bypass any data encryption that is used in Intel CSME (fTPM, DRM, Intel Identity Protection), and if the key has been extracted, it is no longer possible to change it and protect the system with any firmware update, since there is no longer a “foundation” on which defense would be built.

Exploiting the vulnerability—particularly reading the chipset key—would be a major technical feat that would require specialized gear and years of experience with firmware. Still, the flaw poses a serious threat on unpatched systems and may still be exploitable even on computers that have received updates that computer makers released last year to make exploitation harder.

 

“While a potential exploit for this issue appears to be fairly complicated, involving multi-stage chain compromising ISH or other firmware [and] then mounting a DMA [direct memory access] attack against CSME, the impact is very broad, and the issue cannot be patched via firmware update because it's in the mask ROM,” Yuriy Bulygin, CEO of Eclypsium, a firm that specializes in the security of firmware, said in an interview.

Mitigating the vulnerability

An Intel representative said on background that installing the CSME and BIOS updates with end of manufacturing set by the system manufacturer “should” mitigate local attacks. Physical attacks, in which attackers have possession of a targeted computer, might still be possible if CSME hardware-based anti-rollback features aren’t supported by a system manufacturer.

 

Anti-rollback features are generally available only on newer Intel systems. They can be applied by updating BIOS firmware on CSME 12-based platforms but only when those updates are supported by computer makers. Intel said last May that the vulnerability was discovered by an industry partner.

 

Thursday’s disclosure from Positive Technologies provides new details about the vulnerability and ways to exploit it. Positive Technologies also cautions that the vulnerability may not be fully mitigated with updates. Intel has thanked the researchers but continues to suggest that the vulnerability is exploitable only when attackers have possession of a vulnerable machine.

 

“Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” company officials wrote in a statement. “Intel released mitigations and recommends keeping systems up-to-date. Additional guidance specific to CVE-2019-0090 can be found here.”

 

The vulnerability affects about five years’ worth of Intel CPUs and chipsets. Intel called out systems running CSME firmware prior to versions 11.8.65, 11.11.65, 11.22.65, and 12.0.35, but as Positive Technologies has said, machines running other versions may not be fully protected against exploits. Both consumer and enterprise systems are vulnerable, but because the latter category relies more on on-chip security, it is likely affected more.

 

 

Source: 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable (Ars Technica)  
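
An added example (not part of the quoted article or of any Intel tooling): a small inventory triage that sorts machines by the CSME firmware floors the article lists for CVE-2019-0090. The hostnames, build numbers and status labels are constructed, and applying each floor only to its own major.minor branch is an assumption.

```python
import re

# Fixed-version floors quoted in the article, keyed by (major, minor) branch.
# Assumption: each floor applies only to firmware on the same branch.
FIXED_FLOORS = {
    (11, 8): (11, 8, 65),
    (11, 11): (11, 11, 65),
    (11, 22): (11, 22, 65),
    (12, 0): (12, 0, 35),
}

# major.minor.hotfix with an optional trailing build number
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def classify_csme(version: str) -> str:
    """Classify one CSME firmware version string against the listed floors."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, hotfix = (int(m.group(i)) for i in (1, 2, 3))
    floor = FIXED_FLOORS.get((major, minor))
    if floor is None:
        return "branch-not-listed"  # the article gives no floor for this branch
    if (major, minor, hotfix) < floor:
        return "below-mitigated-version"
    # Update installed, but the mask ROM defect itself cannot be patched.
    return "mitigated-rom-flaw-remains"


def triage(inventory: dict) -> dict:
    """Group hostnames by classification so each group can be followed up."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify_csme(version), []).append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "lt-0412": "11.8.50.3425",
    "lt-0977": "11.8.65.3590",
    "ws-0031": "12.0.32.1421",
    "ws-0102": "12.0.35.1427",
    "srv-0007": "13.0.10.1076",
    "lt-0555": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Machines in the "mitigated-rom-flaw-remains" group still carry the ROM defect, which matches the article's point that updated systems may not be fully protected.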



Intel’s unfixable chip flaw could give hackers access to encrypted data


 

  • Intel chips released in the last five years contain a severe hardware security flaw that would allow hackers to bypass encryption.
  • A software patch will not suffice to permanently fix the problem. Instead, an upgrade to a next-gen Intel chip and an audit of existing hardware are advised.
  • This kind of vulnerability can be likened to a backdoor in encryption.

 

Intelligence agencies and the tech sector have been debating encryption for a few years now. Spy agencies and cops want to be able to break encryption with the help of big tech companies to access sensitive data from devices belonging to suspects. At the same time, some of them fear hacks, especially those coming from other nation-states, and agree that encryption is needed both at the hardware and software level. But officials from several governments around the world would want secret keys that can access encrypted chats, emails, and calls. And they’d want those keys to be safe to handle. That’s an impossible dream at this point, and Intel’s newest chip flaw is proof of that.

 

Researchers discovered a flaw in Intel’s chips that opens encrypted data to hackers. It’s a brand new security issue, different from the vulnerabilities discovered a few years ago that affected chips from Intel, AMD, and ARM — those flaws were fixed via software updates, by the way.

 

The new flaw should not be a cause of concern for most people. The hacks aren’t necessarily easy to perform, according to researchers at Positive Security. But if you rely on encrypted hardware to safeguard sensitive information, or you’re someone that could be the target of a nation-state, or an executive at a company that’s about to announce a breakthrough innovation, then pay attention. Someone may try to steal data from your computer.

 

With enough time and resources, someone could crack your Intel-based laptop without you even knowing. Intel’s chips from the last five years all shipped with this vulnerability, and Intel can’t do anything about it. Anyone capable of accessing it would be able to hack into the latest MacBook Pro by cracking its encryption.

 

The flaw allows attackers to hack the computer’s encryption process, and then gain access to everything on board.

 

“For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data,” Lead Specialist of OS and Hardware Security at Positive Technologies Mark Ermolov said. “Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key. In some cases, attackers can intercept the key remotely provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub.”

 

Because it’s a read-only memory (ROM) flaw, Intel can’t offer a permanent fix. The only thing you can do is buy a brand new device featuring another chip, or replace your processor with a brand new Intel processor that doesn’t have the same flaw. That’s Positive Technologies’ recommendation, at least. If you suspect you may have been targeted by hackers, you might want to have your device inspected as well:

 

Since it is impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs. In this context, retrospective detection of infrastructure compromise with the help of traffic analysis systems such as PT Network Attack Discovery becomes just as important.

 

Intel has a patch for the issue that should make it harder to exploit. But, again, this isn’t a permanent fix, and resourceful hackers will probably find ways to bypass it.

 

Now, imagine that tech companies installed backdoors into their devices and/or software to comply with law enforcement requests to access data from users. The minute those backdoors are discovered, anyone would be able to hack the encrypted devices with ease. Security vulnerabilities in software, like a backdoor, could be patched, of course. But once the word gets out that a company is building backdoors into their products, every dedicated hacker will keep hunting for security issues in all future products from said companies, regardless of software updates, in search of a new backdoor.

 



Similar topic merged from Technology News.



Archived

This topic is now archived and is closed to further replies.
