Major flaw discovered in many Intel chips from the last five years

6 Mar 2020

Image: © michelmond/Stock.adobe.com

Intel responded to the report by releasing a patch that makes it more difficult to exploit the vulnerability in the chip.

On Thursday (5 March), security researchers from Positive Technologies published a report suggesting many Intel chips have a vulnerability that could “jeopardise everything Intel has done to build the root of trust and lay a solid security foundation”.

In a blogpost, which precedes a full-length white paper due to be released on the topic, the enterprise security company said that an “unfixable” flaw in nearly all Intel chips produced over the last five years allows attackers access to the read-only memory (ROM) of its chipsets and microprocessors.

Positive Technologies said that the vulnerability was discovered in the ROM of the Intel Converged Security and Management Engine (CSME), and it may be “impossible to fix” as the firmware errors are hard-coded in the mask ROM of microprocessors and chipsets.

Intel responded to the report by releasing a patch on Thursday, which makes it more difficult to exploit the vulnerability. The company thanked Positive Technologies, as well as a number of individuals, for reporting the issue.

Intel’s CSME

The CSME is a security feature that has been included in all recent Intel CPUs. Positive Technologies describes this as the “cryptographic basis for all other Intel technologies and firmware running on Intel-based platforms.”

Positive Technologies claimed that the flaw has been baked into millions of Intel processor chipsets that have been released over the last five years. Attacks are very difficult, if not impossible to detect, it added.

However, The Register described the flaw as a “tiny window of opportunity” that would likely be as difficult to exploit as “shooting a lone fish in a tiny barrel 1,000 miles away”.

Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, said that the CSME is responsible for cryptographically verifying and authenticating all firmware loaded onto Intel systems, such as the power management controller, which supplies the chipset with power.

Ermolov wrote: “Even more importantly, Intel CSME is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM, fTPM, and Intel Identity Protection.”

‘No security system is perfect’

Positive Technologies said that Intel has “tried to make this root of trust as secure as possible”, designing it so that even arbitrary code execution in any Intel CSME firmware module would not jeopardise the root cryptographic key, but only the specific functions of that particular module.

“Unfortunately, no security system is perfect,” it added. “Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the chipset key and generation of all other encryption keys.”

Ermolov said that there are multiple ways that an attacker could exploit this vulnerability, for instance, with a stolen or lost laptop. In other cases, “unscrupulous suppliers, contractors or even employees with physical access to the computer can get hold of the key”, with Ermolov suggesting that there are also remote ways in which attackers could intercept the key.

Gizmodo reported that even with access, it would take a “sophisticated hacker armed with significant experience and specialised gear” to exploit this vulnerability. However, if this were to happen, it could represent a “serious threat”.

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com