close
Written by Anthony Carballo
on March 11, 2020

Researchers have discovered a new vulnerability that affects Intel processors, and that, for now, has no solution.

A recent failure in the ROM of the converged security and management engine (CSME) jeopardizes the security of some Intel processors.

This vulnerability was initially reported in June 2019. Although a patch was released to mitigate it, the reality is that the only solution is to upgrade to a tenth-generation Intel processor or opt for another brand.

To exploit this vulnerability, an attacker should have physical access to the machine; in theory, it cannot be exploited remotely.

 

How it works

According to investigators, an attacker could manipulate the code of any firmware module in a way that authenticity checks cannot detect it. This vulnerability affects the Intel CSME boot ROM, being able to extract the chipset key and manipulate part of the hardware key and the process of its generation. This failure would also allow the execution of arbitrary code with zero level privileges in the subsystem.

 

Conclusions

The vulnerability seemed harmless back in 2019. However, it has proved to be a real security issue for almost all new Intel processors.

Unfortunately, at the time of writing, Intel has no patch for this vulnerability, all you can do for now, is either, upgrade to the 10th generation or buy another brand which involves changing the motherboard due to the socket compatibility.

This vulnerability affects all Intel processors manufactured in the last five years except the tenth generation. Besides, they have determined that even with the latest firmware version available, the vulnerability is still present.

According to the researchers, it is impossible to correct firmware errors that are encoded in the ROM. This vulnerability compromises the equipment at the hardware level. The problem for Intel is that the CSME subsystem is the basis of the hardware security technologies developed by the company.

The CSME is one of the first systems to run and is responsible for loading and verifying all computer firmware. Examples of this are the UEFI BIOS firmware, as well as the one dedicated to the power management controller that regulates the processor power supply.

If an adversary obtains the chipset key, they can decrypt any data encrypted using Intel Platform Trust Technology. So, any data that was encrypted using Intel PTT technology could be decrypted.

Although the chipset key is encrypted within OTP memory, it is a matter of time for attackers to extract it.

 

Advice

Intel advice users to prevent physical access to their devices, installing updates as soon as they become available, and ensuring that they can detect and prevent intrusions and exploitation, well, sounds like a good time to have installed CyberEasy.

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Vulnerability Threat report

Flaw in WhatsApp – A backdoor to hack your computer

A group of researchers has found several security flaws in WhatsApp that are threatening thousands of computers. One of ...

Threat report

Ryuk ransomware - The ransomware that switches on your computer.

You probably think that when a computer is turned off nothing terrible could happen to it, with this new ransomware vari...

Vulnerability Threat report

CryptoAPI Spoofing Vulnerability, Windows flaw discovered by the NSA

Microsoft released patches addressing 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the ...