It has been a rough patch of years for Intel since 2017 when it comes to vulnerabilities or exploits. Unfortunately that does not seem to be changing with this story. Researchers over at Positive Technologies have discovered a troublesome vulnerability. This particular one is not something that can be fixed via a simple firmware patch. Positive Technologies is preparing a full-length white paper with all the technical details but there is plenty to digest in what they have already posted on their blog page.
It starts at the hardware level of the boot ROM for the Intel Converged Security and Management Engine, or CSME.
From Positive Technologies:
“CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms. For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. Intel CSME also loads and verifies the firmware of the Power Management Controller responsible for supplying power to Intel chipset components.”
If that does not make some people nervous there is more to this.
“Even more importantly, Intel CSME is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM, fTPM, and Intel Identity Protection.”
PT did reach out to Intel regarding this. Intel responded that they are aware of the vulnerability, now named CVE-2019-0090, and exploring solutions. Since this type of vulnerability cannot be fixed via a firmware patch they are exploring a vector based strategy. The first patch will address one particular attack vector with the Integrated Sensors Hub, or ISH. It is all but guaranteed that as more potential attack vectors are identified more patches will follow. TPU has noted that all but the latest 10th gen CPU’s, Ice Point-based chipsets & SoCs are affected by this. A significant point, though, is that physical access is needed to take advantage this new exploit.
In recent years Intel has had their hands full with speculative execution attacks. They have had levels of success with micro-code updates to address Spectre and other similar exploits. More recently, however, another one was discovered in the beginning of 2020. This one, CVE-2020-0549, has been nicknamed Cacheout.