Intel has admitted that there are serious security flaws in processors it has shipped that could allow hackers to hijack computers.
According to a security alert issued by the chipmaker, versions of Intel's Management Engine firmware (11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0) are impacted.
Potentially millions of Intel processors including 6th, 7th and 8th Generation Intel Core processors and the chipmaker's Xeon, Atom, Apollo Lake and Celeron processors.
It said that the flaws could allow an attacker to “gain unauthorised access to platform, Intel ME feature, and 3rd party secrets protected by the Intel Management Engine (ME), Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE).”
It added that a successful attacker could Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity, load and execute arbitrary code outside the visibility of the user and operating system, and cause a system crash or system instability.
Security researchers at Positive Technologies are credited for identifying three vulnerabilities (CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707) in Intel chips in October.
“Intel ME is at the heart of a vast number of devices worldwide, which is why we felt it important to assess its security status,” said Maxim Goryachy a researcher at Positive Technologies who discovered the vulnerabilities. “It sits deep below the OS and has visibility of a range of data, everything from information on the hard drive to the microphone and USB. Given this privileged level of access, a hacker with malicious intent could also use it to attack a target below the radar of traditional software-based countermeasures such as anti-virus.”
Rapid7's chief data scientist, Bob Rudis said that pre-patch mitigations include segmenting off vital server components - especially the management Ethernet ports for those servers - along with introducing extra network and system activity monitoring. “However, there are no real workarounds. The only course of action to protect your organisation is to patch. Systems that have no patch available will need to be retired/upgraded,” he added.
Rudis said that Intel has setup a tracking page with vendor information and patches, as provided. “It is vital that organisations take these vulnerabilities seriously and create patching workflows as soon as possible,” he said.
James Maude, senior security engineer at Avecto, told SC Media UK that from hardware to software, admin accounts with wide-ranging privilege rights present a large attack surface. “The fact that these critical security gaps have appeared in hardware that can be found in almost every organisation globally demonstrates that all businesses need to bear this in mind,” he said.
“Vulnerabilities like this are especially dangerous as they can allow the attacker to operate above the operating system and bypass all the traditional security measures. With modern systems, we need to consider the full stack and ensure that privilege management and patching is implemented from the hardware upwards.”
Jon Geater, CTO, Thales eSecurity, told SC Media UK that this vulnerability likely represents an extreme threat to enterprise data and digital identities. “Allowing hackers into the most privileged execution space means anything could happen – from ransomware to data theft to corruption and fraudulent communications,” he said.
“The continued appearance of these kinds of attacks in general purpose computers reinforces the need to keep your valuable cryptographic keys and digital identities in separate dedicated hardware that is proven to protect it and enforce it is used correctly.”