HalGameGuru

"Unfixable" Security flaw found in Intel CPUs


Posted · Original Poster (OP)

Security specialists at Positive Technologies claim to have found an unfixable security flaw in Intel CPUs, specifically in the Converged Security and Management Engine (CSME). They claim that while it is difficult to exploit, it is a vulnerability that cannot be patched and can lead to the execution of malicious code and commandeering of the entire PC.

 

Quote

The weakness was spotted and reported to Intel by Positive Technologies, an infosec outfit that has previously prodded and poked Chipzilla's Management Engine. Although Positive announced its findings today, it is withholding the full technical details until a whitepaper about it all is ready.

The CSME is the built-in "hypervisor" on Intel CPUs that initializes the boot-up process for the chip as a whole.

Quote

CSME, which has its own 486-based CPU, RAM and boot ROM, is the first thing that runs when you boot up your computer. One of the first things it does is protect its own memory, but before that happens, there's a brief moment when it's vulnerable. If hackers have local or physical access to a machine, they might be able to fire off a DMA transfer to that RAM, overwriting it and hijacking code execution.

They claim that the vulnerability is baked into the silicon itself and cannot be patched away. And physical access to the device could result in backdoors that are undetectable and pervasive.

Intel believes they have fixed any vulnerabilities that do not require physical access to the machine, but that only maintaining physical security can protect against this vulnerability.

 

Quote

Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability. Check the Intel website for the latest recommendations on mitigation of vulnerability CVE-2019-0090.

Since it is impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs. In this context, retrospective detection of infrastructure compromise with the help of traffic analysis systems such as PT Network Attack Discovery becomes just as important.

This is much harder to exploit than earlier security flaws, but could result in compromised security that the end user is never aware of, and could even allow access to encrypted data. They claim the latest 10th gen no longer has this problem, but time and continued research will tell.

 


This is very worrying, especially coming from a company as big as Intel


Another one?


Bethesda PC:   R7 3700X  -  Crosshair VIII hero  -  Corsair Vengeance RGB 16GB@3.2GHz -  Strix 1070Ti  -  Samsung 860 Evo 256GB  -  WD Blue 2TB SSD -  Lian Li PC-011D  -  H100i RGB Platinum SE  -  Rm650x

CrumpleBox V3:  Xeon X5680  -  Asus X58 Sabertooth  -  DDr3 16GB@1.33Ghz  -  PNY OC GTX 1060 3GB- XFX Ghost HD 7770 -  TT smart RGB 700W  -  

Fractal Design Define C  -  120GB Samsung 850 Pro  -  1TB Hitachi@7200RPM   -  LTT Edition Chromax NH-D15 ?

Peripherals:  Gateway 900p60 monitor  -  Dell 1024x768@75  -  Logi. G403 Carbon  -  Logi. G502  -  SteSer. Arctis 5  -  SteSer. Rival 110 - Corsair Strafe RGB MK.2



PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
LinusWare Dev | NotCPUCores Dev

Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 3000MHz, RX480 8GB OC, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


Well, time to release the CSME and IME source code and ways to disable/remove it? Intel is fucked up with vulnerabilities, and they seem not to care.

13 minutes ago, PacketMan said:

Well, time to release the CSME and IME source code and ways to disable/remove it? Intel is fucked up with vulnerabilities, and they seem not to care.

Not care? They have a bug bounty which they pay for this.

How is this not caring in the first place?

Posted · Original Poster (OP)
4 minutes ago, kiranbl said:

This flaw could defeat encryption and DRM protections. However, this is not true for the latest 10th Gen processors, as they are not vulnerable to Intel's CSME (Converged Security Management Engine).

I recommend reading this article: https://www.theverge.com/2020/3/6/21167782/intel-processor-flaw-root-of-trust-csme-security-vulnerability

I have multiple sources already; The Verge is a few rungs lower than what's already linked, in my mind. The release from the security researchers themselves is the big one to read.

 

https://www.ptsecurity.com/ww-en/about/news/unfixable-vulnerability-in-intel-chipsets-threatens-users-and-content-rightsholders/

Just now, HalGameGuru said:

the verge is a few rungs lower than whats already linked, in my mind

tweezers



And Intel is back to work; this time they have a nice little `feature` that lets you (or someone else) run code on the CPU before the OS boots... even if you have Secure Boot enabled.

https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/

 

Quote

During that timing gap, other hardware – physically attached or present on the motherboard – that is able to fire off a DMA transfer into the CSME's private RAM may do so, overwriting variables and pointers and hijacking its execution. At that point, the CSME can be commandeered for malicious purposes, all out of view of the software running above it.

So this means that any `attached hardware` (that could include Thunderbolt devices, since they share the PCIe bus) can compromise the boot process.

 

Quote

Crucially, the boot ROM is read-only: it cannot be patched. The IOMMU's reset defaults can't be changed either without replacing the silicon. So, Intel chipsets out in people's computers are stuck with the vulnerability.

There is no fix possible for existing systems.


 

Quote

"To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.

"However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

"When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

 

 

The only Intel systems released at the moment that are protected from this are Macs with T1 or T2 chips (these chips handle the pre-boot rather than the main CPU). In addition, the disk encryption keys are not related to those within Intel's system.

https://9to5mac.com/2020/03/06/intel-chip-flaw

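The post above turns on two things a defender can actually inspect: whether DMA remapping (an IOMMU) stands between attached hardware and system memory, and what the platform does with Thunderbolt devices that share the PCIe bus. The script below is an added example, not code from the thread, from Intel or from Positive Technologies. It is a read-only triage for a Linux host that reports the CSME firmware version the mainline `mei` driver exposes under `/sys/class/mei/mei0/fw_ver`, whether the kernel has populated `/sys/kernel/iommu_groups` (only done when an IOMMU is active), and the Thunderbolt security level at `/sys/bus/thunderbolt/devices/domain0/security`. Comparing the reported firmware version against the vendor's CVE-2019-0090 advisory is left to the reader; the optional root-directory argument exists only so the checks can be exercised against a constructed sysfs tree.

```shell
#!/bin/sh
# Added example, not from the thread: read-only triage of the facts that
# matter for CVE-2019-0090 on a Linux host. Every function takes an optional
# root directory (default: the live system) so the checks can also run
# against a constructed sysfs tree.

# CSME firmware version as exposed by the mei driver. The fw_ver attribute
# lists one "index:version" line per firmware component; the first one is
# reported. Prints "unknown" and fails when the attribute is absent.
csme_fw_version() {
    root="${1:-}"
    f="$root/sys/class/mei/mei0/fw_ver"
    if [ ! -r "$f" ]; then
        echo "unknown"
        return 1
    fi
    head -n 1 "$f" | cut -d: -f2
}

# Succeeds when DMA remapping is active: the kernel only creates entries in
# /sys/kernel/iommu_groups when an IOMMU is enabled, so an empty or missing
# directory means attached hardware can address system memory unmediated.
iommu_active() {
    root="${1:-}"
    d="$root/sys/kernel/iommu_groups"
    [ -d "$d" ] && [ -n "$(ls -A "$d" 2>/dev/null)" ]
}

# Thunderbolt security level of the first domain. "none" means any attached
# device is connected to PCIe without authorization; "user" or "secure"
# require approval before a device gets a PCIe tunnel. Prints
# "no-thunderbolt" when the platform exposes no domain.
thunderbolt_security() {
    root="${1:-}"
    f="$root/sys/bus/thunderbolt/devices/domain0/security"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo "no-thunderbolt"
    fi
}

# One-line summary of all three checks. Returns 0 only when DMA remapping is
# active and Thunderbolt is not in "none" mode, 1 otherwise.
dma_posture() {
    root="${1:-}"
    iommu=no
    iommu_active "$root" && iommu=yes
    tb="$(thunderbolt_security "$root")"
    echo "csme_fw=$(csme_fw_version "$root") iommu=$iommu thunderbolt=$tb"
    [ "$iommu" = yes ] && [ "$tb" != none ]
}

# Run against the live system only when invoked with --live, so the file can
# also be sourced for its functions.
if [ "${1:-}" = "--live" ]; then
    dma_posture ""
fi
```

Run it as `sh csme_check.sh --live` (a hypothetical file name) on the host in question; a non-zero exit means either no IOMMU is active or Thunderbolt is in "none" mode, both of which leave the DMA path the post describes open. Note that this does not tell you whether the CSME itself is exploitable on your chipset generation, only whether the host-side DMA protections that Intel's advisory falls back on are in place.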

This does bring to light the benefit of having a secondary security chip (like the T1 and T2 chips in Macs): these handle the pre-boot (and start up before the main CPU) so that vulnerabilities like this can't affect these systems, in addition to the cryptography keys being kept off the main system chip.

5 hours ago, Koti said:

This is very worrying, especially coming from a company as big as Intel

What has their size got to do with this other than the basic law of averages?


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Just now, mr moose said:

What has their size got to do with this other than the basic law of averages?

Or even that the larger the company, the more possible it is for things to slip through the cracks.


* threads merged *


If you need help with your forum account, please use the Forum Support form !

 

VPN server guide

Guide to run any software as Admin

NiceHash Mining Guide

Ethereum Mining Guide


My Gaming Rig - Motherboard: MSI Z370-A PRO CPU: i7-8700 RAM: 32GB DDR4 2400(4x8GB) GPU: Gigabyte GTX 1060 3GB OS SSD: 240GB Avexir E100 Storage: 2x 1TB Seagate PSU: Seasonic G650 OS: Windows 10 Pro 64bits Monitor: Acer 21in G205H + Lenovo 21in

 


They can force a BIOS update that can't be reverted?

Had a few mobos that couldn't revert back to an older BIOS.

5 minutes ago, hishnash said:

Or even that the large the company the more possible it is for things to slip through the cracks.

That's what the law of averages means. The more there is of something, the higher the probability for smaller conditions to be noticed/exist.

EDIT: please note I said the higher the probability for things to be noticed/exist. By this I mean the probability that they will happen does not change in relation to frequency (amount), but that our ability to see them becomes more probable.


1 hour ago, pas008 said:

They can force a BIOS update that can't be reverted?

Had a few mobos that couldn't revert back to an older BIOS.

CSME is in a ROM, not flash, so no, you can't fix the issue with a BIOS update.


Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.


If they fix it, RIP single-core performance (again).


I tend to reply with memes because I lack social skills and don't know how to express myself correctly.

7 hours ago, HalGameGuru said:

If hackers have local or physical access to a machine

Then this whole "flaw" is a non sequitur. If hackers have physical access to a machine, there are all sorts of things that they can do that are logically impossible to defend against, let you sidestep any component, and are not considered exploits.

I mean, if they have physical access to the machine they can do literally anything they want to it.

 

Even for the given case, hijacking RAM, if you have physical access you can do that with an In-Circuit Emulator...

I really hope Intel doesn't lose any sleep over this, or give up performance to fix it, unless it can be exploited remotely.


I will never succumb to the New Cult and I reject the leadership of @Aelar_Nailo and his wicked parrot armies led by @FakeCIA and @DildorTheDecent. I will keep my eyes pure and remain dedicated to the path of the One True; IlLinusNati


Oh cool, glad I went AMD.


CPU: AMD Ryzen 3600 / GPU: Radeon HD7970 GHz 3GB(upgrade pending) / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro
