Late last week security researchers at Positive Technologies said they found a flaw in the read-only boot memory of Intel chipsets. They described the flaw as “unfixable” and said it could let attackers compromise platform encryption keys and steal sensitive information. Exploiting it, however, requires an attacker to have physical access to the target server.
"No firmware updates can fix the vulnerability," the researchers said.
Since the flaw cannot be fully fixed, Positive recommends that IT managers disable Intel CSME-based encryption of data storage devices in their data centers or consider migrating to tenth-generation or later Intel CPUs. CSME, the Converged Security and Management Engine, is the firmware subsystem in Intel chipsets that anchors the platform's hardware root of trust. Among other things it implements Intel Platform Trust Technology, a firmware TPM that BitLocker and features such as Microsoft System Guard can use in place of a discrete TPM chip for hardware-backed key protection.
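The practical question behind that recommendation is whether a given host's disk-encryption keys are actually sealed to the CSME firmware TPM. The following check is an added example, not code from the article, Positive Technologies or Intel: it reads the TPM manufacturer code from the output of tpm2_getcap and flags hosts whose TPM is Intel PTT. It assumes the tpm2-tools 4.x text layout for "tpm2_getcap properties-fixed" (a TPM2_PT_MANUFACTURER block followed by raw and value lines) and that the manufacturer code "INTC" identifies Intel PTT; both sample outputs embedded below are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example: detect whether a Linux host's TPM is Intel PTT (the firmware TPM
# that runs inside CSME), so that storage-encryption keys sealed to it are
# CSME-backed. Assumptions: tpm2-tools 4.x output layout; "INTC" == Intel PTT.

# Print the manufacturer code found in "tpm2_getcap properties-fixed" text read
# from stdin, e.g. INTC, IFX, STM. Prints nothing if the block is absent.
tpm_manufacturer() {
    awk '
        $1 == "TPM2_PT_MANUFACTURER:" { in_block = 1; next }
        in_block && $1 == "value:"   { gsub(/"/, "", $2); print $2; exit }
        in_block && $1 !~ /^(raw|value):$/ { in_block = 0 }
    '
}

# Exit status 0 when the code names Intel PTT, 1 otherwise.
is_intel_ptt() {
    [ "$1" = "INTC" ]
}

# Map a manufacturer code to a one-line verdict for the operator.
verdict() {
    case "$1" in
        INTC) echo "intel-ptt: keys sealed to this TPM live in CSME firmware; do not rely on it for storage encryption" ;;
        "")   echo "no-tpm: no TPM 2.0 manufacturer reported" ;;
        *)    echo "discrete-tpm ($1): storage keys are not held by CSME" ;;
    esac
}

# Query the live TPM when tpm2_getcap is installed; otherwise report no TPM.
check_host() {
    code=""
    if command -v tpm2_getcap >/dev/null 2>&1; then
        code=$(tpm2_getcap properties-fixed 2>/dev/null | tpm_manufacturer)
    fi
    verdict "$code"
}

# Constructed sample output in the tpm2_getcap layout (not from a real host).
SAMPLE_PTT='TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"
TPM2_PT_VENDOR_STRING_1:
  raw: 0x496E7465
  value: "Inte"'

# Constructed sample for a discrete (Infineon) TPM.
SAMPLE_DISCRETE='TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"'

# Demonstrate on the constructed samples, then on this host if it has tpm2-tools.
printf '%s\n' "$SAMPLE_PTT"      | tpm_manufacturer | { read -r c; verdict "$c"; }
printf '%s\n' "$SAMPLE_DISCRETE" | tpm_manufacturer | { read -r c; verdict "$c"; }
check_host
```

On Windows the equivalent field is ManufacturerIdTxt in the output of Get-Tpm, which BitLocker-protected hosts can be checked against in the same way. A discrete TPM only addresses the storage-encryption part of the recommendation; as the Positive researchers note, the deeper problem is the chain of trust that CSME anchors for the platform as a whole, and that is not changed by where the TPM lives.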
"The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality," Positive security researcher Mark Ermolov wrote. "This vulnerability jeopardizes everything Intel has done to build the root of trust."
“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the mask ROM of microprocessors and chipsets," he added. "The larger worry is that because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”
Most Intel chipsets released in the last five years contain the vulnerability, the researchers said.
According to Rick Altherr, principal engineer at Eclypsium, a firmware security company, that covers every Intel platform with a management engine prior to the tenth-generation Ice Lake parts, servers included. "Successful exploitation of the vulnerability provides an attacker access to keys that are foundational to Intel's root of trust system," he told DCK.
That's a critical vulnerability, Altherr said, but exploiting it requires a direct memory access (DMA) attack during the early boot process, before the operating system is running. That means attackers either have to physically get inside a data center or compromise a DMA-capable device already attached to the machine.
If attackers manage to get physical access to a machine, there are many other ways they can compromise it, Yossi Naar, chief visionary officer and cofounder at Boston-based cybersecurity vendor Cybereason, pointed out. "If an attacker has physical access and the equipment and knowledge to exploit this, the data center has bigger fish to fry," he said.
There is no evidence so far of this vulnerability having been exploited in the wild, said Chris Kennedy, CISO and VP of customer success at AttackIQ, a San Diego-based cybersecurity firm. "However, even though this gap is really hard to exploit, data centers should not disregard it completely," he told DCK.
“Yes, data centers are typically well-protected, with badge readers, locked doors, and hopefully multi-factor authentication,” James McQuiggan, security awareness advocate at KnowBe4, a security awareness training company, said. "If this is the case, the likelihood of this vulnerability being exploited should be considered low,” he said, but data center managers should still take this opportunity to review their physical access controls.
Intel declined to provide any information on what data center security managers should be doing about the problem other than pointing to guidance it published last year and updated last month, urging users to "adopt best security practices by installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations."
Intel did release a patch when it first disclosed the vulnerability a year ago. But according to Positive, that patch isn't an actual fix.
"Intel understands they cannot fix the vulnerability in the ROM of existing hardware," Ermolov said. "So, they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub. We think there might be many ways to exploit this vulnerability in ROM."
Maybe it's time for hardware vendors to take a lesson from car manufacturers, McQuiggan suggested. When a car turns out to have a safety problem, the manufacturer can announce a recall, and customers take the car into a shop for repair. "It would be interesting to see if the chips could be replaced through a similar program," he said.
The lack of Intel guidance for data centers is worrying.
"The irony here is that the vulnerability is inside of the Intel security software," Thomas Hatch, CTO and Co-Founder at SaltStack, a Lehi, Utah-based technology vendor, told us. "It cannot be patched in user space. This means that these issues will persist for years to come as companies cannot afford to completely replace vulnerable CPUs."
And when data centers do upgrade, he added, it may be time to seriously think about whether the Intel CPUs should be replaced with newer Intel CPUs – or whether the data center should switch to Arm or RISC chips.