Intel CSME vulnerability allows hackers to break encryption and DRM
A hot potato: Intel’s largely undocumented master controller for its CPUs has a vulnerability that cannot be fixed, and is so severe that it can allow malicious actors to bypass storage encryption, copyrighted content protections, and take control of hardware sensors in IoT devices.
Security researchers have discovered that a new vulnerability present in Intel chipsets that have been released over the last five years is unfixable outside of replacing the hardware that’s currently being used in millions of commercial and enterprise systems.
Specifically, this has to do with the Converged Security and Management Engine, which is essentially a tiny computer within your computer that has full access to all data that flows through your PC, from internal components to peripherals.
Intel has guarded the secrets of how this engine works in an effort to prevent competitors from copying it, but that hasn’t prevented security experts from trying to crack their way in to see if it can be exploited by malicious actors.
The unfixable flaw was discovered by Positive Technologies, who says it’s a firmware error that’s hard-coded in the Mask ROM of Intel CPUs and chipsets. The problem is that Intel’s CSME is also responsible for several security features, including the cryptographic protections for Secure Boot, digital rights management, and Enhanced Privacy ID (EPID). It also houses the Trusted Platform Module (TPM) that allows the OS and apps to store and manage keys for things like file system encryption.
Researchers explained that hackers can exploit a firmware error in the hardware key generation mechanism that allows them to take control of code execution. They noted that “when this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.”
The only recent platform immune to the problem is Intel’s 10th generation, Ice Point chipsets and SoCs. However, the good news is that the attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.
This isn’t the first time someone has managed to crack open Intel’s ME subsystem. Security researchers uncovered other vulnerabilities in Intel’s hardware in 2017 and 2018, not to mention the Spectre-style one from 2019 and the recently disclosed CacheOut attack, but at least those are fixable.