If your computer isn’t running an up-to-date Intel 10th generation CPU, then I’ve got some bad news: an “unfixable” crypto vulnerability with impossible-to-detect exploits has been confirmed. Researchers have uncovered a vulnerability in the read-only memory (ROM) of Intel CPUs that could let attackers compromise encryption keys and steal data. Mark Ermolov, the report author, said that it’s “impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets.” This is rather concerning when you take into account that a successful exploit would be at the hardware level and so, according to Ermolov, “it destroys the chain of trust for the platform as a whole.”
What is CVE-2019-0090, and why does it matter?
The CVE-2019-0090 vulnerability concerns the Converged Security and Management Engine (CSME) within most Intel CPUs released over the last five years, those 10th generation iterations being the exception. It’s a big deal because CSME is, in effect, the computer inside the Intel inside your computer. It provides the low-level cryptographic verifications when the motherboard boots, among other things. It’s the first thing that runs when you hit the power switch and the root of trust for everything that follows.
If CVE-2019-0090 sounds familiar, then firstly, you are a security geek of the first order. More importantly, it was disclosed back in May 2019 when Intel released a security update to fix it. That fix, it turns out, was but a partial one that dealt with just one potential attack vector. Although full details are being withheld at the moment, Ermolov did state in the Positive Technologies report that “there might be many ways to exploit this vulnerability in ROM,” not all requiring physical access, some just local malware-related access.
It’s not all bad news, out here in the real world
There is some good news among the bad, though, and we must keep the attack potential in real-world perspective: exploiting this vulnerability to any valuable end is far from easy. The Enhanced Privacy ID (EPID) procedure at the heart of the root of trust mentioned before is vulnerable to a read of the Chipset Key, which could then allow an attacker to bypass authenticity checks in CSME firmware module code; that key itself, however, is stored encrypted within the One-Time Programmable (OTP) memory. “To fully compromise EPID,” Ermolov said, “hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS).” This is not trivial by any means, and there is no evidence that anyone has figured out how to obtain the hard-coded hardware key component directly.
“We believe that extracting this key is only a matter of time,” Ermolov warned, adding that when this does happen, then “hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.”
Eoin Keary, CEO and co-founder of edgescan, says that this is “a fundamental flaw which cannot be easily fixed with a simple patch, and it’s also extremely widespread. It cannot be fixed in the ROM of existing hardware.” He tempers this by agreeing that “a successful exploit would need to be advanced in nature and well-engineered by advanced threat actors.”
Intel offers mitigation guidance
An Intel spokesperson responded to my request for comment on the matter with the following statement by email: “Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products. Intel released mitigations and recommends keeping systems up-to-date. Additional guidance specific to CVE-2019-0090 can be found here.”
Positive Technologies advises that, since it’s impossible to fully fix the vulnerability without replacing the hardware, users should disable Intel CSME-based encryption of data storage devices or consider migrating to tenth-generation or later Intel CPUs.
Marco Essomba, founder of iCyber-Security, says that “since this vulnerability requires some sort of local or physical access to be exploited, it’s strongly recommended organizations review their physical access control security.” Essomba also recommends a layered defense approach, in which security is enforced at both the physical and the software level.