In a report, Positive Technologies was decidedly negative about Intel’s chips saying that its chipsets released in the last five years contain the vulnerability and attacks are impossible to detect, and a firmware patch only partially fixes the problem.
To protect devices that han dle sensitive operations, researchers recommend replacing CPUs with versions that are not impacted by this bug. Since this means only the latest Intel 10th generation chips it looks like the researches are saying “upgrade your Intel chips or die” although you could move to AMD.
The vulnerability is tracked as CVE-2019-0090, and it impacts the Intel Converged Security and Management Engine (CSME), formerly called the Intel Management Engine BIOS Extension (Intel MEBx).
The CSME is a security feature that's included with all recent Intel CPUs. It is considered a "cryptographic basis" for all other Intel technologies and firmware running on Intel-based platforms.
According to Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, the CSME is one of the first systems that start running and is responsible for cryptographically verifying and authenticating all firmware loaded on Intel-based computers.
It is a "root of trust" for every other technology running on Intel chipsets.
In May 2019, with the release of the Intel-SA-00213 security update, Intel patched a bug in Intel CPUs that impacted this root of trust -- the CSME.
At the time, the CVE-2019-0090 vulnerability was only described as a firmware bug that allowed an attacker with physical access to the CPU to escalate privileges and execute code from within the CSME. Other Intel technologies, like Intel TXE (Trusted Execution Engine) and SPS (Server Platform Services), were also listed as impacted.
But in research published today, Ermolov says the bug can be exploited to recover the Chipset Key, which is the root cryptographic key that can grant an attacker access to everything on a device.
Ermolov says that this bug can also be exploited via "local access" -- by malware on a device, and not necessarily by having physical access to a system. The malware will need to have OS-level (root privileges) or BIOS-level code execution access, but this type of malware has been seen before and is likely not a hurdle for determined and skilled attackers that are smart enough to know to target the CSME.
The vulnerability happens, according to Ermolov, because the CSME firmware is left unprotected on the boot ROM during early booting. The Chipset Key can be extracted via various methods during this short interval, the researcher said.
Ermolov plans to release a white paper with more technical details later this spring, at which time, members of the online piracy community will most likely take an interest in this bug as well.
Contacted for comment, Intel reaffirmed that the bug can only be exploited via physical access and urged users to apply the May 2019 updates.