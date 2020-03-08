



An error in chipset read-only memory (ROM) could allow attackers to compromise platform encryption keys and steal sensitive information.

Intel has thanked Positive Technologies experts for their discovery of a vulnerability in Intel CSME. Most Intel chipsets released in the last five years contain the vulnerability in question.

By exploiting vulnerability CVE-2019-0090, a local attacker could extract the chipset key stored on the PCH microchip and Worse still, it is impossible to detect such a key breach. With the chipset key, attackers can decrypt data stored on a target computer and even forge its Enhanced Privacy ID (EPID) attestation, or in other words, pass off an attacker computer as the victim's computer. EPID is used in DRM, financial transactions, and attestation of IoT devices.

One of the researchers, Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, explained:

The vulnerability potentially allows compromising common data protection technologies that rely on hardware keys for encryption, such as DRM, firmware TPM, and Intel Identity Protection. For example, attackers can exploit the vulnerability on their own computers to bypass content DRM and make illegal copies.

Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability. Check the Intel website for the latest recommendations on mitigation of vulnerability CVE-2019-0090.

Since it is impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs. In this context, retrospective detection of infrastructure compromise with the help of traffic analysis systems such as PT Network Attack Discovery becomes just as important.

Positive Technologies experts have been analyzing the CSME Intel ME subsystem for several years. In 2017, Mark Ermolov and Maxim Goryachy spoke at Black Hat Europe about a vulnerability in Intel Management Engine 11, which allows intruders to access most of the data and processes on a device. In 2018, Apple fixed a vulnerability in computer firmware (CVE-2018-4251) found by Positive Technologies.