Researchers at Positive Technologies announced a new vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). Researchers also claim that it is impossible to fix firmware errors because that is hard-coded in the Mask ROM of microprocessors and chipsets. The flaw allows a compromise at the hardware level, thus the chain of trust is completely ineffective against the attacks those target this vulnerability. The vulnerability is tracked as CVE-2019-0090.
Vulnerability is present in both hardware and the firmware
Researchers also discovered an error in Intel CSME firmware at the very early stages of the subsystem’s operation, in its boot ROM. In Intel-based systems, Intel CSME is responsible for the initial authentication. Attackers can exploit this flaw to extract data from encrypted hard-drives and bypass the DRM protections. All Intel chipsets and SoCs are affected by the vulnerability, except generation 10.
Positive Technologies also noted,
“Intel CSME firmware at the very early stages of the subsystem’s operation, in its boot ROM. Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform.”