Intel hardware trust is lost again?

Yet another bad sounding Intel processor security vulnerability is released and this could be big again. Little over two years ago I wrote about Meltdown and Spectre, and posted links to some following vulnerabilities.

Now an article Intel x86 Root of Trust: loss of trust from Positive Technologies details a new vulnerability. Researchers at enterprise security firm Positive Technologies discovered that this vulnerability could allow hackers to compromise platform encryption keys and steal sensitive information, adding the “unfixable vulnerability in Intel chipsets threatens users and content rightsholders.”

It seems that this vulnerability could jeopardized very many things Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms.. destroys the chain of trust for the platform as a whole. The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This is bad because Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms. For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. Intel CSME also loads and verifies the firmware of the Power Management Controller responsible for supplying power to Intel chipset components.

Newsweek article https://www.newsweek.com/intel-csme-cpu-bug-unfixable-security-vulnerability-chipsets-five-years-1490746 says:

A new vulnerability has been discovered in Intel CPU chipsets, purportedly unfixable, which could threaten
enterprise users and content rights holders across the globe using chipsets released in the last five
years.
The exploit targets already known vulnerabilities in the Intel Converged Security and Management Engine,
which is responsible for the initial authentication of Intel-based systems by loading and verifying all
other firmware for modern platforms.

Article https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html?m=1 says:

A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms. The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.

Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys.

The vulnerability discovered by Positive Technologies affects the Intel CSME boot ROM on all Intel chipsets and SoCs available today other than Ice Point (Generation 10). The vulnerability allows extracting the Chipset Key and manipulating part of the hardware key and the process of its generation. However, currently it is not possible to obtain that key’s hardware component (which is hard-coded in the SKS) directly. The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.

Sounds pretty bad. Arbitrary code execution with zero-level privileges is bad. Getting chipset keys used for firmware verification is also not good news (fuel for all kinds of nasty future hacks).

New Intel CSME CPU Bug is ‘Unfixable’ Security Vulnerability Affecting Chipsets Released Over Last Five Years. Zdnet article Intel CSME bug is worse than previously thought says Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected.

Intel has confirmed that it is aware of the discovery in its CSME and that it affects most Intel chipsets
released in the last five years
—other than Ice Point (Generation 10). They have posted advisory paper Intel® Converged Security and Management Engine, Intel® Server Platform Services, Intel® Trusted Execution Engine, and Intel® Active Management Technology Advisory (Intel-SA-00213)

According to descriptions the vulnerability is present in both hardware and the firmware of the boot ROM. According to descriptions there seems to be a time period when SRAM is susceptible to external DMA writes (from DMA to CSME, not to the processor main memory). Any platform device capable of performing DMA to Intel CSME static memory and resetting Intel CSME (or simply waiting for Intel CSME to come out of sleep mode) can modify system tables for Intel CSME pages, thereby seizing execution flow. So if yo are technically capable and has physical access to the computer, you could pull off some interesting tricks with this. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key.

8 Comments

  1. Tomi Engdahl says:

    A major new Intel processor flaw could defeat encryption and DRM protections
    Security researchers claim it’s unfixable
    https://www.theverge.com/2020/3/6/21167782/intel-processor-flaw-root-of-trust-csme-security-vulnerability

    Security researchers are warning of a major new security flaw inside Intel processors, and it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years, and could allow attackers to create special malware (like keyloggers) that runs at the hardware level and is undetectable by traditional antivirus systems. Intel’s latest 10th Gen processors are not vulnerable, though.

    “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” warns Ermolov. “The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

    Successful attacks would require skill and in most cases physical access to a machine, but some could be performed by other malware bypassing OS-level protections to perform local attacks. This could lead to data from encrypted hard disks being decrypted, forged hardware IDs, and even the ability to extract digital content protected by DRM.

    Positive Technologies plans to “provide more technical details” in a white paper that’s due to be published soon

    Reply
  2. Tomi Engdahl says:

    Paul Alcorn / Tom’s Hardware:
    Researchers detail two new side channel attacks that can leak secret data from all AMD CPUs made between 2011 and 2019

    New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (AMD Responds)
    AMD processors from 2011 to 2019 impacted
    https://www.tomshardware.com/uk/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture

    “We are aware of a new whitepaper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.”

    It’s noteworthy that this advisory does not point to any mitigations for the attack in question, merely citing other mitigated speculative executions that were used as a vehicle to attack the L1D cache predictor. The researchers also used other methods to exploit the vulnerability, so the advisory is a bit nebulous.

    The university says it disclosed the vulnerabilities to AMD on August 23, 2019, meaning it was disclosed in a responsible manner (unlike the CTS Labs debacle), but there isn’t any word of a fix yet. We’ve pinged AMD for comment.

    We’ve become accustomed to news of new Intel vulnerabilities being disclosed on a seemingly-weekly basis, but other processor architectures, like AMD and ARM, have also been impacted by some vulnerabilities, albeit to a lesser extent. It’s hard to ascertain if these limited discoveries in AMD processors are triggered by a security-first approach to hardened processor design, or if researchers and attackers merely focus on Intel’s processors due to their commanding market share: Attackers almost always focus on the broadest cross-section possible. We see a similar trend with malware being designed for Windows systems, by far the predominant desktop OS, much more frequently than MacOS, though that does appear to be changing.

    Reply
  3. Tomi Engdahl says:

    Intel CPUs vulnerable to new LVI attacks
    https://www.zdnet.com/article/intel-cpus-vulnerable-to-new-lvi-attacks/
    Researchers say Intel processors will need another round of silicon
    chip re-designs to protect against new attack.
    Named Load Value Injection, or LVI for short, this is a new class of theoretical attacks against Intel CPUs.
    While the attack has been deemed only a theoretical threat, Intel has released firmware patches to mitigate attacks against current CPUs, and fixes will be deployed at the hardware (silicon design) level in future generations.

    Reply
  4. Tomi Engdahl says:

    Besides Meltdown and Spectre, other transient attacks were eventually discovered during the past two years, including the likes of Foreshadow, Zombieload, RIDL, Fallout, and LazyFP.

    Reply
  5. Jennifer Brooks says:

    Intel got a favorable position over AMD as far as speed.most intel processors made are quicker than AMD’s processor.some center i5 processors perform better than a portion of the athlon IIs and the phenom IIs.but then there’s some intel processors that are overrated.like the center 2 teams and the center 2 limits.

    Reply
  6. Tomi Engdahl says:

    Spectre exploits in the “wild”
    https://dustri.org/b/spectre-exploits-in-the-wild.html
    Someone was silly enough to upload a working spectre (CVE-2017-5753)
    exploit for Linux (there is also a Windows one with symbols that I
    didn’t look at.) on VirusTotal last month, so here is my quick Sunday
    afternoon lazy analysis.. In my lab, on a vulnerable Fedora, the
    exploit is successfully dumping /etc/shadow in a couple of minutes.
    Interestingly, there are checks to detect SMAP and abort if it’s
    present. I didn’t manage to understand why the exploit was failing in
    its presence.. Also
    https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/
    “But while Voisin did not want to name the exploit author, several
    people were not as shy. Security experts on both Twitter and news
    aggregation service HackerNews were quick to spot that the new Spectre
    exploit might be a module for CANVAS, a penetration testing tool
    developed by Immunity Inc.

    Reply
  7. Tomi Engdahl says:

    AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data
    https://www.securityweek.com/amd-chipset-driver-vulnerability-can-allow-hackers-obtain-sensitive-data

    Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.

    The flaw, tracked as ​​CVE-2021-26333 and classified by AMD as medium severity, affects the company’s Platform Security Processor (PSP) chipset driver, which is used by several graphics cards and processors.

    According to AMD, which described it as an information disclosure issue, an attacker who has low privileges on the targeted system can “send requests to the driver resulting in a potential data leak from uninitialized physical pages.”

    AMD has advised users to update the PSP driver to version 5.17.0.0 through Windows Update or update the Chipset Driver to version 3.08.17.735.

    Kyriakos Economou, co-founder of cybersecurity research and development company ZeroPeril, has been credited for discovering the vulnerability. In a technical advisory detailing the findings, the researcher noted that attacks are possible due to information disclosure and memory leakage bugs.

    https://zeroperil.co.uk/wp-content/uploads/2021/09/AMD_PSP_Vulnerability_Report.pdf

    Reply
  8. Nicki says:

    it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years

    Reply

Leave a Reply to Jennifer Brooks Cancel reply

Your email address will not be published. Required fields are marked *

*

*