The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM ("read-only memory") of Intel's Converged Security and Management Engine (CSME), which can't be patched without replacing the silicon.
Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host operating system running on the main CPU.
It is responsible for the initial authentication of Intel-based systems: it loads and verifies firmware components, implements root-of-trust-based secure boot, and cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.
Although this insufficient-access-control vulnerability is not new and was patched by Intel last year, when the company described it only as a privilege escalation and arbitrary code execution in Intel CSME firmware modules, the extent of the flaw remained underestimated.
Researchers at Positive Technologies have now found that the issue can also be exploited to recover the Chipset Key, a root cryptographic key that acts as a sort of master password and could help unlock and compromise the chain of trust for other security technologies, including digital rights management (DRM), firmware Trusted Platform Module (TPM), and Identity Protection Technology (IPT).
That means the flaw could be exploited to extract data from encrypted hard-drives and to bypass DRM protections and access copyright-protected digital content.
"Intel's security is designed so that even arbitrary code execution in any Intel CSME firmware module would not jeopardize the root cryptographic key (Chipset Key)," the researchers said.
"Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys."
"We believe extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
Therefore, the security patches released by Intel are incomplete and cannot entirely prevent sophisticated attacks, leaving millions of systems at risk of digital attacks that are nearly impossible to detect and patch.
Moreover, since the ROM flaw can be exploited by an attacker with physical access before the system even boots up, it can't be patched with a software update.
"The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets," the researchers said.
"The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole."
According to the researchers, only the latest Intel 10th-generation processors, Ice Point chipsets and SoCs, are not vulnerable to this issue.
More precisely, the vulnerability affects Intel CSME versions 11.x, Intel CSME version 12.0.35, Intel TXE versions 3.x, 4.x, and Intel Server Platform Services versions 3.x, 4.x, SPS_E3_05.00.04.027.0.
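As an added inventory check, not code from the article or from Positive Technologies, the following Python matches a reported firmware component and version string against the affected list above. The component labels ("CSME", "TXE", "SPS") and the sample version strings are assumptions constructed for the example, not the output format of any particular Intel tool.

```python
"""Flag Intel CSME / TXE / SPS versions listed as affected by CVE-2019-0090.

Only the versions named in the article are matched; a False result means
"not on that list", not a guarantee that the platform is safe.
"""
import re
from typing import Optional, Tuple

# Affected ranges from the article: (component, major, minor, build).
# None means "any value" at that position (the "x" in "11.x").
AFFECTED = [
    ("CSME", 11, None, None),   # Intel CSME 11.x
    ("CSME", 12, 0, 35),        # Intel CSME 12.0.35
    ("TXE", 3, None, None),     # Intel TXE 3.x
    ("TXE", 4, None, None),     # Intel TXE 4.x
    ("SPS", 3, None, None),     # Intel Server Platform Services 3.x
    ("SPS", 4, None, None),     # Intel Server Platform Services 4.x
]
# One SPS build the article names explicitly rather than as a range.
AFFECTED_EXACT = {("SPS", "SPS_E3_05.00.04.027.0")}


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn "12.0.35" into (12, 0, 35); None if not plain dotted decimals."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    return tuple(int(p) for p in version.split("."))


def is_affected(component: str, version: str) -> bool:
    """True when (component, version) matches an entry from the article's list."""
    component = component.upper().strip()
    if (component, version) in AFFECTED_EXACT:
        return True
    parts = parse_version(version)
    if parts is None:
        return False
    for comp, major, minor, build in AFFECTED:
        if comp != component or parts[0] != major:
            continue
        # Only the positions the article pins down are compared, so a longer
        # build string such as "12.0.35.1234" still matches "12.0.35".
        if minor is not None and (len(parts) < 2 or parts[1] != minor):
            continue
        if build is not None and (len(parts) < 3 or parts[2] != build):
            continue
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inventory (assumed version strings, not real hosts).
    for comp, ver in [("CSME", "11.8.70.3626"), ("CSME", "12.0.35"), ("CSME", "12.0.45"),
                      ("TXE", "4.0.15.1251"), ("SPS", "SPS_E3_05.00.04.027.0"), ("CSME", "14.0.33")]:
        print(f"{comp} {ver}: {'AFFECTED' if is_affected(comp, ver) else 'not listed'}")
```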