New Intel Chipset Bug: ‘Utter Chaos Will Reign’
A new angle on an old Intel bug is making heads spin this week. There are serious concerns that it undermines the entire security/management engine on most modern Intel chips.
Intel appears to have its head in the sand. It’s just telling people to install the old patch, but the researchers who discovered the flaw say it’s unpatchable.
“Buy new hardware,” seems to be the advice. In today’s SB Blogwatch, we try not to panic.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: DIY.
Trust Me
What’s the craic, Catalin? Mister Cimpanu reports—“Intel CSME bug is worse than previously thought”:
Attacks are impossible to detect, and a firmware patch only partially fixes the problem. … Only the latest Intel 10th generation chips are not vulnerable, researchers said.
…
CVE-2019-0090 … impacts the Intel Converged Security and Management Engine (CSME), formerly called the Intel Management Engine BIOS Extension (Intel MEBx). [It] is responsible for cryptographically verifying and authenticating all firmware loaded on Intel-based computers.
…
The CSME is also “the cryptographic basis” for other Intel technologies like Intel EPID (Enhanced Privacy ID), Intel Identity Protection, any DRM (Digital Rights Management) technologies, or firmware-based TPMs (Trusted Platform Modules). [It’s] a “root of trust” for every other technology running on Intel chipsets.
…
In May 2019 … the CVE-2019-0090 vulnerability was only described as a firmware bug that allowed an attacker with physical access … to escalate privileges and execute code. [But researchers say] the bug can be exploited to recover the Chipset Key, which is the root cryptographic key that can grant an attacker access to everything on a device [and the] bug can also be exploited via “local access” – by malware on a device, and not necessarily by having physical access.
…
[However] Intel reaffirmed that the bug can only be exploited via physical access.
And Dan Goodin quips, “FLAW INSIDE®”:
CSME … implements the firmware-based [TPM] used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the failure of the input-output memory management unit … to implement early enough in the firmware boot process.
That failure creates a window of opportunity … to execute malicious code … early in the boot process with the highest of system privileges. … The vulnerability can’t be patched with a firmware update.
…
“Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” company officials wrote in a statement. “Intel released mitigations and recommends keeping systems up-to-date.”
However, Shaun Nichols smiles at this simile—“Exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away”:
It’s claimed the momentary weakness could be one day exploited to wreak “utter chaos.” It is a fascinating vulnerability, though non-trivial to abuse.
…
CSME [is] a miniature computer within your computer. [It] is 486-based, and its software is derived from the free microkernel operating system MINIX.
…
[Exploitation is] like a sniper taking a shot at a sliver of a target as it darts past small cracks in a wall. [It] can be attempted when the machine is switched on, or wakes up from sleep, or otherwise when the CSME goes through a reset.
Are you sure? Mark Ermolov is Positive—“Intel x86 Root of Trust: loss of trust”:
[It’s] The scenario that Intel system architects, engineers, and security specialists perhaps feared most. … This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation. … It destroys the chain of trust for the platform as a whole.
…
Intel understands they cannot fix the vulnerability … so they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector. … We think there might be many ways to exploit this vulnerability.
…
The vulnerability is present in both hardware and the firmware. … Most of the IOMMU mechanisms … are disabled by default. … Therefore, there is a period when SRAM is susceptible.
…
We discovered this mistake by simply reading the documentation, as unimpressive as that may sound.
Yeah, but good luck getting Intel to pay for a replacement CPU, right? Wrong, says AmiMoJo:
Do what I did and sue them. Back when Spectre first hit I took them to small claims court for the cost of the CPU, motherboard, RAM (because you couldn’t get new DDR3 boards any more) and my time swapping it all out.
…
I used the money to switch to AMD.
What the heck is going wrong at Intel? WhitePlainsDrifter knows:
Just complexity. Intel has spent the last 10 years or so slapping more stuff into its chips with each generation, including cache and SMP stuff to make them faster, and “trust” components to meet the demand of customers who care about that kind of thing.
…
But tick-tock deadlines and the demands of compatibility don’t permit Intel to design from the ground-up. That means hacks, new stuff duct-taped to old stuff, and a prayer that it all fits together without any leaks.
…
AMD has an advantage now as they’ve been forced to start over new.
Still, it needs physical access, so that’s okay. YetAnotherLocksmith scoffs sarcastically:
It’s in the office, and no-one but the boss, your Cow-orkers, all previous employees until they change the code, HR subbies, security, oh, and the below minimum wage cleaners have … access. Impregnable!
But Mac users are okay, because T2. Nope, says KarolofNine:
Macs are 100% definitely as vulnerable as PCs. Here’s why:
…
1. Intel first boot firmware loads
2. Nothing after this matters. … You can’t secure a process that the attacker has already taken control of.
…
The T2 chip provides zero additional protection, because an attacker can simply write it out of the boot process and run a version of the OS without security keys. If your response is “that’s not as simple as it sounds,” you’re right. Again: This attack requires a complex infrastructure to execute.
…
The T2 is going to rely on a handover from CSME to boot, and because that handover is compromised, the T2 is trusting an untrustworthy source.
Meanwhile, Aighearach brings good news (everyone): [You’re fired—Ed.]
Good news: the AMD CPU + motherboard costs the same as the bare Intel CPU.
And Finally:
If you plan to emulate, do read the video description.
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.
