Most Intel Corp. chipsets released in the past five years have been found to have a vulnerability that can be exploited to obtain encrypted data and compromise data protection.
Detailed today by researchers at Positive Technologies, the flaw was one of a range uncovered by Intel itself last year and initially addressed in May. However, the new research finds that the vulnerability itself is hardware-based, with no way of fixing it other than to replace affected chips.
The vulnerability relates directly to the Converged Security and Management Engine, a security feature in Intel central processing units and chipsets. The CSME implements a firmware-based Trusted Platform Module used for encryption, authentication of UEFI BIOS firmware, Microsoft System Guard, BitLocker and other security features such as digital rights management and identity protection technology.
In this case, the vulnerability allows hackers to exploit an error in the hardware key-generation mechanism that allows them to take control of code execution.
“An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys,” the researchers explained. “One of these keys is for the Integrity Control Value Blob. With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform.”
The vulnerability can also be exploited by those looking to bypass digital rights management on copyright-protected content, “a boon for pesky software and digital content pirates,” Laptopmag noted.
The vulnerability can be found in Intel chips manufactured in approximately the last five years with the exception of the latest Intel 10th generation, Ice Point chipsets and SoCs.
Intel confirmed the vulnerability, telling Ars Technica that installing the CSME and BIOS updates with end of manufacturing set by the system manufacturer “should” mitigate local attacks. Physical attacks, where the hack has physical control of a targeted system, may still be possible if CSME hardware-based anti-rollback features aren’t supported by a system manufacturer.
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.