sb-nz logo
Story image

Unfixable vulnerability found in Intel chipsets 'impossible' to detect

09 Mar 2020

Positive Technologies has revealed a vulnerability in a widely distributed model of chipsets released by Intel, with most chipsets released in the last five years believed to contain the vulnerability.

The flaw CVE-2019-0090 can be exploited by attackers who can extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key.

Positive Technologies says it is ‘impossible’ to detect this kind of key breach, and no firmware updates can fix the vulnerability.

An attack could potentially pass off an attacker’s computer as the victim’s computer by forging its Enhanced Privacy ID (EPID) attestation, which is used in financial transactions and attestation on IoT deices.

Cyber attackers could also decrypt data stored on a target computer.

“The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems,” says Positive Technologies lead specialist of OS and hardware security Mark Ermolov.

“Both vulnerabilities allow extracting users' encrypted data. Here, attackers can obtain the key in many different ways. 

“For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key,” says Ermolov.

“In some cases, attackers can intercept the key remotely, provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub.”

Positive Technologies says data protection technologies that rely on hardware keys for encryption are most at risk, as the vulnerability could potentially compromise such keys. Some such affected technologies may include DRM, firmware TPM, and Intel Identity Protection.

Attackers with the Intel chipset can exploit the vulnerability on their own computers to bypass content DRM and make illegal copies. 

In ROM, this vulnerability also allows for arbitrary code execution at the zero level of privilege of Intel CSME, and no firmware updates can fix the vulnerability, according to Positive Technologies.

Intel has recommended users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability. 

Since it is impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME-based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs. 

In this context, retrospective detection of infrastructure compromise with the help of traffic analysis systems such as PT Network Attack Discovery becomes just as important, says Positive Technologies.

Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
Interview: SAS outlines the seven AI-based trends you'll see in 2021
Artificial intelligence has, let's face it, been the subject of much hype, of experimentation, and in some cases, pipe dreams.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Thycotic releases new integrations to bolster account governance
“Service accounts are often left defenceless, even by enterprises with established programs for privileged user security."More
Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More