Security Researchers Discover New ‘Unfixable’ Flaw on Intel CPUs

Posted on March 6, 2020 by Mehedi Hassan in Hardware with 19 Comments

Security researchers have discovered a new security flaw on Intel CPUs that “jeopardizes” Intel’s root of trust. According to security researchers at Positive Technologies, the new vulnerability affects Intel CPUs released in the past five years.

The vulnerability is apparently unfixable and impossible for antivirus software to detect. Intel has confirmed the existence of the flaw, but has downplayed the impact of the vulnerability.

The flaw is in Intel’s Converged Security and Management Engine, or CSME, a subsystem found in Intel chips. The purpose of CSME is to implement the Trusted Platform Module that’s used for authentication of UEFI BIOS firmware, silicon-based encryption, Microsoft BitLocker, and other security features, notes Ars Technica.

However, due to a flaw in the CSME subsystem, attackers with physical access to a computer can exploit the subsystem to execute malicious code that could run with the highest of system privileges. As a result, attackers who are able to exploit the flaw can get around DRM protections, and can potentially extract the chipset encryption key, which could enable the attacker to carry out further attacks.

There are a number of different technical components and security layers involved here, so if you are interested in the complete breakdown of how this flaw actually works, you should read the report from Positive Technologies here.

Intel has responded to the discovery and has already released patches to block one potential attack vector, stating that the flaw can only be exploited with physical access to the system. “Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products,” a spokesperson for the company said.

Intel has found a number of vulnerabilities on its chips since the Meltdown and Spectre vulnerabilities back in 2018. And although the latest flaw is a lot less significant than Meltdown/Spectre, it could still be a major threat for some. “This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” claimed the security researchers.


19 responses to “Security Researchers Discover New ‘Unfixable’ Flaw on Intel CPUs”

  1. red.radar


    Intel is really having a bad couple of years...

  2. harmjr

    So this is how the 007 Bond breaks into the top secret office, pops in a USB drive and magically downloads all the data. Of course right before being caught and tortured....

  3. Daekar

    Not that this isn't something that needs fixing, but I am starting to feel the fatigue on this kind of thing. At this point, it's feeling like security just isn't something that you can buy anymore.

  4. youwerewarned

    Anything can be compromised with unrestrained direct physical access. Yet another reason to pull motherboard manufacturing out of China. That this will not happen proves we're all too cheap (users) and/or greedy (manufacturers) to actually care.

  5. Allen Markham

    To some extent, finding vulnerabilities on Intel chips reminds me of the ongoing attempts to "Jailbreak" iPhones - though, of course, for the most part, jailbreaking is not malicious but just a way of making iPhones work the way the user wants. It finds vulnerabilities in chips and exploits them until the manufacturer fixes the chip.

  6. BizTechSherpa

    I now use an iPad as my primary mobile device, so much of my day is on that. But I also have a Mac Pro 2013 ("Trash Can") at home, and an Intel NUC at the office. Problem is, everything is in the cloud via OneDrive, O365, etc. so I am 2/3 vulnerable.

  7. illuminated

    Physical access is needed. Better have a device with the lowest repairability score.

  8. rm

    In reply to MikeGalos:

    I guess we haven't virtualized enough yet!

  9. brandonmills

    Can only be exploited with physical access to the system.


    ...I mean, isn't preventing the attacker from reading your data after they have your BitLockered drive the entire point? What if a tool is released that easily defeats BitLocker? Not great news.

  10. chaad_losan

    And the hits just keep on coming!

  11. martinusv2

    Only Gen10 chips are not affected. Like Steve Gibson used to say: "It's the gift that keeps on giving".

  12. wright_is

    The "good" part is that you need a piece of additional hardware installed on the PC that boots faster than the CSME and can slip data into its pointer table, in its own, private, not from the rest of the system visible memory in the couple of milliseconds during the boot process, before it encrypts the table.

    It's like shooting fish in a barrel, well, a single minnow in a tiny barrel over 1,000 miles away, and hitting it square between the eyes.

  13. StevenLayton

    Poor Intel, they just don't seem to be able to catch a break, lol.

  14. canamrotax

    I have always said, with physical access to a machine, all bets are off...

  15. rmlounsbury

    Hmmm, that Surface Pro X looks a little better this morning.
