Unfixable vulnerability in Intel chipsets lets attackers decrypt data

News by SC Staff

An error in Intel chipset ROM can compromise platform encryption keys, enabling attackers to steal data.

A vulnerability in Intel CSME - CVE-2019-0090 - can enable a local attacker to extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. Discoverers Positive Technologies say that it is impossible to detect such a key breach.

With the chipset key, attackers can decrypt data stored on a target computer and forge its Enhanced Privacy ID (EPID) attestation, passing off an attacker computer as the victim's computer. EPID is used in DRM, financial transactions, and attestation of IoT devices.

Researcher Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, explained in a public statement: "The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems.

"Both vulnerabilities allow extracting users' encrypted data. Attackers can obtain the key in many different ways, e.g. they can extract it from a lost or stolen laptop to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key. In some cases, attackers can intercept the key remotely, provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub."

Data protection technologies that rely on hardware keys for encryption, such as DRM, firmware TPM, and Intel Identity Protection, can be compromised. Attackers can exploit the vulnerability on their own computers to bypass content DRM and make illegal copies. The vulnerability in ROM also allows arbitrary code execution at the zero privilege level of Intel CSME. No firmware updates can fix the vulnerability.

Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability. Check the Intel website for the latest recommendations on mitigation of vulnerability CVE-2019-0090.

As it is reportedly impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME-based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs.
