Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday.
Intel first learned about the flaw, tracked as CVE-2019-0090, from a partner, and addressed it in an advisory published in May 2019. The weakness was later independently discovered by Positive Technologies, which has now published a blog post describing its findings. The company also plans to publish a detailed research paper in the near future.
According to Positive Technologies, CVE-2019-0090 is an unfixable vulnerability that affects the Converged Security and Management Engine (CSME) boot ROM on most Intel chipsets and systems on chip (SoCs), except for Ice Point chipsets.
CSME is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components. It authenticates the UEFI using BootGuard, it checks the Power Management Controller, and it also provides the cryptographic basis for Intel’s data protection technologies, including digital rights management (DRM), firmware Trusted Platform Module (TPM), and Identity Protection Technology (IPT).
The company’s researchers discovered that a vulnerability in the CSME boot ROM can pose a serious risk to users and organizations relying on Intel protection technology.
“An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform,” Positive Technologies explained in a blog post.
Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, told SecurityWeek that once an attacker has obtained this chipset key, they can decrypt any data encrypted using Intel Platform Trust Technology (PTT).
“Standard Windows BitLocker hard drive encryption supports Intel PTT if there isn’t a dedicated TPM chip. BitLocker is increasingly used in corporate Windows 10 machines to encrypt drives in order to prevent data theft or exposure. So any data that was encrypted using Intel PTT technology could be decrypted, such as bank account information, passwords and other log-in credentials, and any confidential files relating to intellectual property. Attackers can also write malware to run on Intel CSME with all consequences (stealing private information, completely blocking access to the computer and encrypting information, extorting money and so on),” Ermolov explained.
This chipset key can also be abused to forge a device’s Enhanced Privacy ID (EPID) attestation. EPID is used for the remote attestation of trusted systems. It enables the identification of individual computers and it has been used to protect digital content, secure financial transactions, and to provide IoT attestation.
While Intel claims that physical access is required to obtain the key, Positive Technologies says a remote attacker may also be able to obtain it if they have already gained access to the targeted PC.
Once the key has been obtained, Ermolov says, “the attacker, being at any place and at any time, can pretend to be the victim’s computer and, for example, perform financial operations on his behalf. Access to the victim’s computer is no longer needed.”
Positive Technologies has found a way to recover an encrypted chipset key, but in order to decrypt it the researchers need a hardware key, which is strongly protected and which they have yet to obtain. However, the company believes it is only a matter of time and pointed out that the same hardware key is used for an entire chipset model. Ermolov estimates that the hardware key will be obtained by the middle of 2020.
This means that, for the time being, the EPID remote certification scheme cannot be hacked, but Ermolov says an attacker can already achieve arbitrary code execution with elevated privileges on the CSME.
Positive Technologies has compared the vulnerability to an unpatchable iOS bootrom exploit released last year.
Intel has described the vulnerability as an insufficient access control issue that impacts CSME, as well as the Trusted Execution Engine Interface (TXE) and Server Platform Services (SPS).
Positive Technologies says Intel has been trying to address the issue by blocking potential exploitation vectors. The cybersecurity firm claims Intel has only patched one vector, but its experts believe there are multiple other ways to exploit the flaw.
Intel updated its initial advisory last month to credit Positive Technologies. The tech giant has reiterated its previously provided security guidance related to CVE-2019-0090, advising users to prevent physical access to their devices, to install updates as soon as they become available, and to ensure that they can detect and prevent intrusions and exploitation.