sb-au logo
Story image

Unfixable vulnerability found in Intel chipsets 'impossible' to detect

09 Mar 2020

Positive Technologies has revealed a vulnerability in a widely distributed model of chipsets released by Intel, with most chipsets released in the last five years believed to contain the vulnerability.

The flaw CVE-2019-0090 can be exploited by attackers who can extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key.

Positive Technologies says it is ‘impossible’ to detect this kind of key breach, and no firmware updates can fix the vulnerability.

An attack could potentially pass off an attacker’s computer as the victim’s computer by forging its Enhanced Privacy ID (EPID) attestation, which is used in financial transactions and attestation on IoT deices.

Cyber attackers could also decrypt data stored on a target computer.

“The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems,” says Positive Technologies lead specialist of OS and hardware security Mark Ermolov.

“Both vulnerabilities allow extracting users' encrypted data. Here, attackers can obtain the key in many different ways. 

“For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key,” says Ermolov.

“In some cases, attackers can intercept the key remotely, provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub.”

Positive Technologies says data protection technologies that rely on hardware keys for encryption are most at risk, as the vulnerability could potentially compromise such keys. Some such affected technologies may include DRM, firmware TPM, and Intel Identity Protection.

Attackers with the Intel chipset can exploit the vulnerability on their own computers to bypass content DRM and make illegal copies. 

In ROM, this vulnerability also allows for arbitrary code execution at the zero level of privilege of Intel CSME, and no firmware updates can fix the vulnerability, according to Positive Technologies.

Intel has recommended users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates to address the vulnerability. 

Since it is impossible to fully fix the vulnerability by modifying the chipset ROM, Positive Technologies experts recommend disabling Intel CSME-based encryption of data storage devices or considering migration to tenth-generation or later Intel CPUs. 

In this context, retrospective detection of infrastructure compromise with the help of traffic analysis systems such as PT Network Attack Discovery becomes just as important, says Positive Technologies.

Story image
Latest DDLS certification equips IT professionals with in-demand security skills
DDLS has introduced the Certified Secure Software Lifecycle Professional (CSSLP) certification from (ISC), a significant addition to its cybersecurity portfolio.More
Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More
Story image
Video: 10 Minute IT Jams - SonicWall VP on the benefits of Boundless Cybersecurity
Today's interviewee will discuss the ins and outs of the company's Boundless Cybersecurity solution and how it can help APAC organisations adjust to the new normal, as well as explaining the 'cybersecurity business gap'.More
Story image
Rate of ransomware attacks in Australia well above global average — report
Over two-thirds (67%) of Australian organisations have suffered a ransomware attack in the last 12 months — 10 percentage points above the global average of 57%.More
Story image
ThreatQuotient & Infoblox integrate threat intelligence capabilities
“Together, our integration eases the consumption of threat intelligence from various internal and external sources to ensure that intelligence is accurate, relevant and timely to an organisation’s business.”More
Story image
Fortinet named Leader in Gartner Magic Quadrant for Network Firewalls
It is 11th time the company has been recognised in the annual report.More