Intel CSME bug is worse than previously thought

Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected.

Intel CPU

Security researchers say that a bug in one of Intel's CPU technologies that was patched last year is actually much worse than previously thought.

"Most Intel chipsets released in the last five years contain the vulnerability in question," said Positive Technologies in a report published today.

Attacks are impossible to detect, and a firmware patch only partially fixes the problem.

To protect devices that handle sensitive operations, researchers recommend replacing CPUs with versions that are not impacted by this bug. Only the latest Intel 10th generation chips are not vulnerable, researchers said.

Bug impacts Intel CSME

The actual vulnerability is tracked as CVE-2019-0090, and it impacts the Intel Converged Security and Management Engine (CSME), formerly called the Intel Management Engine BIOS Extension (Intel MEBx).

The CSME is a security feature that's included with all recent Intel CPUs. It is considered a "cryptographic basis" for all other Intel technologies and firmware running on Intel-based platforms.

According to Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, the CSME is one of the first systems that start running and is responsible for cryptographically verifying and authenticating all firmware loaded on Intel-based computers.

For example, the CSME is responsible for loading and verifying UEFI BIOS firmware and the firmware for the PMC (Power Management
Controller), the component that manages a chipset's power supply.

The CSME is also "the cryptographic basis" for other Intel technologies like Intel EPID (Enhanced Privacy ID), Intel Identity Protection, any DRM (Digital Rights Management) technologies, or firmware-based TPMs (Trusted Platform Modules).

In other words, the CSME is, basically, a "root of trust" for every other technology running on Intel chipsets.

Worse than previously thought

In May 2019, with the release of the Intel-SA-00213 security update, Intel patched a bug in Intel CPUs that impacted this root of trust -- the CSME.

At the time, the CVE-2019-0090 vulnerability was only described as a firmware bug that allowed an attacker with physical access to the CPU to escalate privileges and execute code from within the CSME. Other Intel technologies, like Intel TXE (Trusted Execution Engine) and SPS (Server Platform Services), were also listed as impacted.

But in new research published today, Ermolov says the bug can be exploited to recover the Chipset Key, which is the root cryptographic key that can grant an attacker access to everything on a device.

Furthermore, Ermolov says that this bug can also be exploited via "local access" -- by malware on a device, and not necessarily by having physical access to a system. The malware will need to have OS-level (root privileges) or BIOS-level code execution access, but this type of malware has been seen before and is likely not a hurdle for determined and skilled attackers that are smart enough to know to target the CSME.

The vulnerability happens, according to Ermolov, because the CSME firmware is left unprotected on the boot ROM during early booting. The Chipset Key can be extracted via various methods during this short interval, the researcher said.

"Applying the patch for SA-00213 prevents the ISH (Integrated Sensors Hub) exploitation vector, but doesn't fix the bug in CSME boot ROM," Ermolov told ZDNet in an email, explaining that the Intel firmware patch fixes only some of the problem.

Fully patching this attack vector will require replacing the CPU, the Positive Technology researchers said.

Jailbreaking CPUs to bypass DRM?

But while this vulnerability could be used for offensive purposes, like extracting a server's Chipset Key in order to decrypt traffic and other data, there's also another "niche" to which the bug might sound quite attractive.

Ermolov points out that the bug can also be used by users on their own computers for bypassing DRM protections and access copyright-protected content.

The researcher plans to release a white paper with more technical details later this spring, at which time, members of the online piracy community will most likely take an interest in this bug as well.

Contacted for comment, Intel reaffirmed that the bug can only be exploited via physical access and urged users to apply the May 2019 updates.

"Unfortunately, no security system is perfect," Positive Technologies said.