Security Researchers Discover New ‘Unfixable’ Flaw on Intel CPUs

Posted on March 6, 2020 by Mehedi Hassan in Hardware with 19 Comments

Security researchers have discovered a new security flaw on Intel CPUs that “jeopardizes” Intel’s root of trust. According to security researchers at Positive Technologies, the new vulnerability affects Intel CPUs released in the past five years.

The vulnerability is apparently unfixable and impossible for antivirus software to detect. Intel has confirmed the existence of the flaw, but has downplayed the impact of the vulnerability.

The flaw is in Intel’s Converged Security and Management Engine or CMSE system that is found in Intel chips. The purpose of CMSE is to implement the Trusted Platform Module that’s used for authentication of UEFI BIOS firmware, silicon-based encryption, Microsoft BitLocker, and other security features, notes Ars Technica.

However, due to a flaw in the CMSE subsystem, attackers with physical access to a computer can exploit the subsystem to execute malicious code that could run with the highest of system privileges. As a result, attackers who are able to exploit the flaw can get around DRM protections, and can potentially extract the chipset encryption key which could enable the attacker to carry out further attacks.

There are a number of different technical components and security layers involved here, so if you are interested in the complete breakdown of how this flaw actually works, you should read the report from Positive Technologies here.

Intel has responded to the discovery and has already released patches to block one potential attack vector, stating that the flaw can only be exploited with physical access to the system. “Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” a spokesperson for the company said.

Intel has found a number of vulnerabilities on its chips since the Meltdown and Spectre vulnerabilities back in 2018. And although the latest flaw is a lot less significant than Meltdown/Spectre, it could still be a major threat for some. “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” claimed the security researchers.

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (19)

19 responses to “Security Researchers Discover New ‘Unfixable’ Flaw on Intel CPUs”

  1. red.radar


    Intel is really having a bad couple of years...

  2. harmjr

    So this is how the 007 Bond breaks into the top secret office pops in a usb drive and magically downloads all the data. Of course right before being caught and tortured....

  3. Daekar

    Not that this isn't something that needs fixing, but I am starting to feel the fatigue on this kind of thing. At this point, it's feeling like security just isn't something that you can buy anymore.

  4. youwerewarned

    Anything can be compromised with unrestrained direct physical access. Yet another reason to pull motherboard manufacturing out of China. That this will not happen proves we're all too cheap (users) and/or greedy (manufacturers) to actually care.

  5. Allen Markham

    To some extent, finding vulnerabilities on Intel chips reminds me of the going attempts to "Jailbreak" iPhones - though, of course, for the most part, jailbreaking is not malicious but just a way of making iPhones work the way the user want. It finds vulnerabilities in chips and exploits them until the manufacturer fixes the chip.

  6. BizTechSherpa

    I now use an iPad as my primary mobile device, so much of my day is on that. But I also have a Mac Pro 2013 ("Trash Can") at home, and an Intel NUC at the office. Problem is, everything is in the cloud via OneDrive, O365, etc. so I am 2/3 vulnerable.

  7. illuminated

    Physical access is needed. Better have a device with the lowest repairability score.

  8. rm

    In reply to MikeGalos:

    I guess we haven't virtualized enough yet! ?

  9. brandonmills

    Can only be exploited with physical access to the system.


    ...I mean, isn't preventing the attacker from reading your data after they have your BitLockered drive the entire point? What if a tool is released that easily defeats BitLocker? Not great news.

  10. chaad_losan

    And the hits just keep on coming!

  11. martinusv2

    Only Gen10 chips that are not affected. Like Steve Gibson use to say: "Its the gift that keep on giving".

  12. wright_is

    The "good" part is that you need a piece of additional hardware installed on the pc that boots faster than the CSME and can slip data into its pointer table, in its own, private, not from the rest of the system visible memory in the couple of milliseconds during the boot process, before it encrypts the table.

    Its like shooting fish in a barrel, well, a single minnow in a tiny barrel over 1,000 miles away, and hitting it square between the eyes.

  13. StevenLayton

    Poor Intel, they just don't seem to be able to catch a break, lol.

  14. canamrotax

    I have always said, with physical access to a machine, all bets are off...

  15. rmlounsbury

    Hmmm, that Surface Pro X looks a little better this morning.

Leave a Reply