
Researchers Find Unfixable Vulnerability Inside Intel CPUs

AleksandarK

Researchers have found another vulnerability inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to the whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of black box, given that Intel protects its documentation to stop other vendors from copying it; however, researchers have discovered a flaw in the design of the CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years.

Discovered by Positive Technologies, the flaw lies inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit cannot be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."



Every CPU manufactured in the last 5 years is subject to exploit, except the latest 10th generation, Ice Point-based chipsets and SoCs. The only solution for owners of prior generation CPUs is to upgrade to the latest platform, as a simple firmware update cannot resolve this. The good thing, however, is that to exploit a system, an attacker must have physical access to the hardware in question, as remote exploitation is not possible.

 
pretty funny when the reaction to yet another vulnerability from people is the equivalent of yawning
indicative of just how much intel fucked up lol
 
physical access to the hardware is required, so here is an idea.... lock the server room door... (Best firmware update)
The article is not correct in this regard. Local access should be enough, as in able to execute some code with raised privileges. So you are safe if you never execute 3rd party code. Time to disable that javascript from your browser.
 
Hummm...wondering just how long intel has known about this.....probably for quite some time, based on the chip timeline noted in the article ..:mad::mad::mad:

time to lawyer up & get ready for yet anutha giga-mega $$$ hooplahfest against them...
 
OOPS. Sad days @ Intel!
 
So... what would be the icon for such vulnerability?
we already got these:
zombieload-name.png

This is important. We need an icon. Period.
 
So, much ado about nothing, since physical access is required.

Time to disable that javascript from your browser
Is anyone still using that?
 
The article is not correct in this regard. Local access should be enough, as in able to execute some code with raised privileges. So you are safe if you never execute 3rd party code. Time to disable that javascript from your browser.
Source?

Also, if you are going there, there are tons of other things you can do with raised local privileges. An exploit allowing remote execution of elevated privileges is far worse than this "requires local access" attack is. For general users, the risk is still "0".
 
So, much ado about nothing, since physical access is required.


Is anyone still using that?
Read the original article. Physical access is not required. The first proof of concept needed it, but they think that it is possible to work around that limitation.

Source?

Also, if you are going there, there are tons of other things you can do with raised local privileges. An exploit allowing remote execution of elevated privileges is far worse than this "requires local access" attack is. For general users, the risk is still "0".
Lots of things yes, but things that are virtually undetectable by any means less so.
Also one can argue that the risk is ”0” for almost any and all exploits, as you don’t have anything valuable on your computer anyway.
 
Another day, another Intel security flaw :rolleyes:

Just curious, what would an exploit of this nature allow someone to do?
 
I said this in the other thread about this new one and I'll echo it here;
Mitigation is the same as for any of the rest of the vulnerabilities relating to Intel ME: disable the hardware, uninstall any related drivers and software, and use a network device not wired (built-on) to the motherboard itself. These steps will completely mitigate the vulnerabilities relating to this new discovery.
This of course is a recommendation for general users at home or professional/business users who have no need of the functions IME provides.
Just curious, what would an exploit of this nature allow someone to do?
Complete access and control of the system in question.
 
I said this in the other thread about this new one and I'll echo it here;

This of course is a recommendation for general users at home or professional/business users who have no need of the functions IME provides.

Complete access and control of the system in question.
So, an add-in NIC card would mitigate it, since it is not built on the motherboard? Or did I misunderstand you?
 
This is actually incredibly useful for those desiring to overwrite the Intel ME with their own firmware.

If only I had the time...
 
1: "except the latest 10th generation, Ice Point-based chipsets and SoCs."

2: "remote exploitation is not possible."

that is all that matters to me. doubtful old amd platforms are much better.
 