If your computer isn’t running an up to date Intel 10th generation CPU, then I’ve got some bad news; an “unfixable” crypto vulnerability with impossible to detect exploits has been confirmed. Researchers have uncovered an Intel CPU read-only memory (ROM) vulnerability with the potential for attackers to compromise encryption keys and steal data. Mark Ermolov, the report author, said that it’s “impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets.” This is rather concerning when you take into account that a successful exploit would be at the hardware level and so, according to Ermolov, “it destroys the chain of trust for the platform as a whole.”
What is CVE-2019-0090, and why does it matter?
There have been quite a few crypto-related security scares of late, including the NSA-reported ‘Curveball‘ threat to Windows 10 users. How does CVE-2019-0090 stack up in terms of criticality?
The CVE-2019-0090 vulnerability concerns the Converged Security and Management Engine (CSME) within most Intel CPUs released over the last five years, those 10th generation iterations being the exception. It’s a big deal because CSME is, in effect, the computer inside the Intel inside your computer. It provides the low-level cryptographic verifications when the motherboard boots, among other things. It’s the first thing that runs when you hit the power switch and the root of trust for everything that follows.
If CVE-2019-0090 sounds familiar, then firstly, you are a security geek of the first order. More importantly, it was disclosed back in May 2019 when Intel released a security update to fix it. That fix, it turns out, was but a partial one that dealt with just one potential attack vector. Although full details are being withheld at the moment, Ermolov did state in the Positive Technologies report that “there might be many ways to exploit this vulnerability in ROM,” not all requiring physical access, some just local malware-related access.
It’s not all bad news, out here in the real world
There is some good news among the bad, though, and we must keep the attack potential in real-world perspective: exploiting this vulnerability to any valuable end is far from easy. While the Enhanced Privacy ID (EPID) procedure at the heart of the root of trust mentioned before is vulnerable to a reading of the Chipset Key which could then allow an attacker to bypass authenticity checks in CSME firmware module code, that key itself is encrypted within the One-Time Programmable (OTP) memory. “To fully compromise EPID,” Ermolov said, “hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS).” This is not trivial by any means, and there is no evidence that anyone has figured out how to obtain the hard-coded hardware key component directly.
Intel offers mitigation guidance
An Intel spokesperson responded to my request for comment on the matter with the following statement by email: “Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products. Intel released mitigations and recommends keeping systems up-to-date. Additional guidance specific to CVE-2019-0090 can be found here.”