Cybersecurity and Flawed CPUs
We all know the importance of chips in IT and embedded systems. Without the processing power, we would have many boat anchors sitting around collecting dust. One manufacturer, Intel, is in the news once again.
New Warning Issued
Research is being done on different platforms across the world. There are labs actively seeking viable exploits on the equipment, from the chip to the system level. In this case, Positive Technologies researched this issue and detected the exploit with the Intel processors. The processors released in the last five years have a security flaw in the silicon. As this is in the silicon, it can’t be fixed or patched with a firmware update, which is a problem.
Target
The issue is with the Converged Security and Management Engine (CSME). This is a subsystem in the CPU, which takes care of the security tasks, securing the entirety of the firmware. This process is during the processor operations, beginning when the power button is pressed.
Exploit
The vulnerability is would, when successful, would allow the unauthenticated user to potentially enable escalation of privilege. This would lead to the attacker being able to extract the chipset key stored on the PCH microchip and gain access to the data encrypted with this key. This is clearly not the optimal situation. What makes this worse is, if there were to be an attack, it is not possible to detect this.
On a brighter note, all is not lost. The exploit is rather difficult to process. First, the attacker would need physical access to the processor and time to complete the attack. Second, the attack itself is by far not easy. If one of the steps was not easy, having to complete them both only makes this exponentially more difficult to complete in the unauthorized environment. In certain limited instances, the attack could be performed with malware engineered to bypass the target’s OS-level protections. While this is a significant detriment, the potential attack removes the chain of trust for the platform. Granted, this is still a possible attack, which is why there is attention being paid to this and mitigation put in place, correcting most of the issues. This sounds like a perfectly workable plan, however, there are so many known and unknown vectors, this is still a tough job.
Mitigations
While this is relatively serious, Intel has put in place mitigations. These mitigations were supposed to have done beginning in May 2019. Before the present mitigations are in place, the firmware and processor are still vulnerable when the system boots on. These, while the intent is in the right place, may not be sufficient to fully mitigate the issue.
As noted, the issue with CSME cannot be fixed since the firmware errors are hard-coded in the Mask ROM. Instead of researching and trying options repeatedly which don’t work to fix the direct issue, Intel took this in a different direction and addressed the attack vectors, indirectly working to fix the problem. There are a number of attack vectors with this.
References
Allan, D. (2020, March). Latest intel CPUs have ‘impossible to fix’ security flaw. Retrieved from https://www.techradar.com/news/latest-intel-cpus-have-impossible-to-fix-security-flaw
Dent, S. (2020, March 6). Researchers discover that intel chips have an unfixable flaw. Retrieved from https://www.engadget.com/2020-03-06-intel-chips-unpatchable-security-flaw.html
HalGameGuru. (2020, March 6). “Unfixable” security flaw found in intel CPUs. Retrieved from https://linustechtips.com/main/topic/1162393-unfixable-security-flaw-found-in-intel-cpus/
Help Net Security. (2020, March 12). Scientists expose another security flaw in intel processors. Retrieved from https://www.helpnetsecurity.com/2020/03/12/load-value-injection/
KW, T. (2020, March 22). Security experts have found another flaw in intel processors. Retrieved from https://klse.i3investor.com/blogs/future_tech/2020-03-22-story-h1485581927-Security_experts_have_found_another_flaw_in_Intel_processors.jsp
Lemos, R. (2020, March 6). Physical flaws: Intel’s root-of-trust issue mostly mitigated. Retrieved from https://www.darkreading.com/vulnerabilities---threats/physical-flaws-intels-root-of-trust-issue-mostly-mitigated/d/d-id/1337254
Positive Technologies. (2020, March 5). Positive technologies: Unfixable vulnerability in intel chipsets threatens users and content rightsholders. Retrieved from https://www.ptsecurity.com/ww-en/about/news/unfixable-vulnerability-in-intel-chipsets-threatens-users-and-content-rightsholders/
The Star. (2020, March 22). Security experts have found another flaw in intel processors. Retrieved from https://www.thestar.com.my/tech/tech-news/2020/03/22/security-experts-have-found-another-flaw-in-intel-processors
Warrant, T. (2020, March 6). A major new intel processor flaw could defeat encryption and DRM protections. Retrieved from https://www.theverge.com/2020/3/6/21167782/intel-processor-flaw-root-of-trust-csme-security-vulnerability
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.