'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos." It is a fascinating vulnerability, though non-trivial to abuse in a practical sense. It cannot be fixed without replacing the silicon, only mitigated, it is …

    1. bazza Silver badge

      Re: Missing the point....

      TBC, but I reckon multiple CPUs are going to make it harder for an exploit to successfully attack both in that narrow window of opportunity. Doesn't mean it's impossible.

      Of course, what we now know is that pretty much every Intel CPU has the same key inside, and that need leak only once anywhere in the Internet for whatever havoc that can then ensue to actually happen. If that includes exploits beating up CPUs later on in their runtime (i.e. after that narrow window of opportunity has passed, but others are open if the key is known), then presumably all CPUs in a multi-chip setup would be vulnerable.

      Could be that anyone relying on Intel CPU security features is going to be in a whole heap of trouble real soon.

      Good news for AMD of course, though who knows what problems actually exist over there. On the whole they do seem to have dodged most of the bullets that have done a lot to dent Intel's reputation recently.

      1. whitepines

        Re: Missing the point....

        Good news for AMD of course

        AMD has pretty much the exact same system in play, it just hasn't been attacked as earnestly as the IME yet. Look into the PSP. This is only good news for AMD if they can continue to lie about their security focus while still forcing the exact same DRM model that has brought Intel to this situation.

        Go ahead, downvote me for daring to speak against Team Red...

        1. Unicornpiss

          Re: Missing the point....

          Re. AMD, they very well may have the same vulnerability in their chipsets. Or they may have corrected any hole years ago. Since I have not seen an article analyzing AMD yet, I'm going to cautiously give them the benefit of the doubt thus far, partially in good faith since their CPUs aren't nearly as vulnerable as Intel's offerings from the same era, at least to as many exploits.

          1. whitepines

            Re: Missing the point....

            I know for a fact they just haven't been analyzed as much. AMD still has the exact same "keys to the kingdom" problem, they're just at a much smaller market share so interest in cracking their key versus Intel's key is a lot lower.

            Same way Linux doesn't have many viruses -- tiny market share in terms of gullible PC users, so just not worth the effort to crack (yet).

    2. Anonymous Coward

      Re: Missing the point....

      The flaw exists in the supporting "Platform Controller Hub" or PCH rather than the CPU, so on a multi-processor system this is still likely to be present, assuming the PCH has the Intel Management Engine functionality.

      As far as I can tell, this appears to make TPM/content protection keys vulnerable and may provide a way of introducing firmware onto hardware in the system. I say may as access appears to be gated by ROM instructions - it's not a free for all.

      It's worth noting that this is using an Intel debug bus for access - while this information and the tools to use it are being publicly disclosed, Intel will already have something similar for debugging/development purposes. And will likely have provided it to their friends.

  1. whitepines

    This is exactly why we use ARM and Power systems (though technically those systems are chosen only for the open firmware, it's mainly that those two architectures have CPUs with open firmware that are powerful / pervasive enough to be useful).

    I just can't believe it's taken this long for the master key to leak...

    ...which makes me suspect it's already been extracted some time ago, just not in white hat circles / publicly.

    Wonder what the GDPR implications are, since it's not exactly like the IME was a secret for the past 5+ years? Shouldn't purposefully choosing a cheap, but insecure, platform to store protected data trigger some fairly nasty fines now that a data leak (especially of, and I quote, "encrypted" data) is possible? Especially since the decision was purely to minimize cost on "that IT cost centre"?

    1. Anonymous Coward

      Cost

      Wouldn't this problem have been nullified if Intel had spent a couple of bucks on a dedicated RAM die for this security engine?

      1. Brewster's Angle Grinder Silver badge

        According to the article it had dedicated RAM. And yet, still, some devices could DMA into it.

  2. Hooda Thunkett

    If any kit on your computer has DMA access, is it capable of attacking the CSME in this way? I'm thinking perhaps of Ethernet controllers for systems that have power-on over Ethernet capability. If that controller has a different vulnerability that would allow an attacker to modify the ROM of the Ethernet controller, which has DMA and can reset the processor (or potentially power-cycle it) then you could have a significant vulnerability.

    1. WorBlux

      Thunderbolt does, but that's not even the big implication of this. If the SKS is compromised, an attacker could put any arbitrary image on the SPI flash chip. Not a big deal for some of us, for others it's a disaster in the making.

    2. Sgt_Oddball

      Well....

      Pretty much any server with a management interface (HPE's iLO for example) would probably get you round that problem since it's active when the main CPU(s) are powered down.

      So yeah... That.

    3. Zolko Silver badge

      as designed

      If that controller has a different vulnerability that would allow an attacker to modify the ROM of the Ethernet controller...

      and what about the driver of that Ethernet controller? For some of these controllers it's probably a closed-source driver, therefore anybody having access to the source of said driver could have already installed a usable exploit of this "vulnerability".

      Said otherwise:

      - US companies make Ethernet controllers with closed-source (binary blob) drivers.

      - US government is known to spy on everybody, using computer tech

      - US government has a law called "Gagging order" which prevents any US person from even telling that it received such an order

      - US tech firm has made a "mistake" that can be leveraged by a DMA-capable Ethernet controller.

      So, what are the odds that all this was actually designed: bake a backdoor into a family of CPUs, make said back-door exploitable via DMA at resume, make Ethernet controllers DMA and wake-on-LAN capable, install exploit of said backdoor into said driver of said controller, send gagging orders to everybody involved that they can't talk about any of it. Disguise all this as an unfortunate bug.

      Yes, the NSA could have asked for the keys themselves, but if that request were ever to be leaked it would be impossible to deny.

  3. Ian Johnston Silver badge

    So, basically, an attacker needs to run some software on your computer in a tiny period before the processor has been switched on, let alone started running even the OS? That sounds like a risk I'm happy to take.

    1. chivo243 Silver badge

      Happy or not, if you have the shitset in your computer you get the risk anyway.

    2. DrBed

      > "So, basically, an attacker needs to run some software on your computer in a tiny period before the processor has been switched on, let alone started running even the OS? That sounds like a risk I'm happy to take."

      How about "if my brain is dead just for a tiny period, it sounds like a risk I'm happy to take."?

      Tiny indeed.

    3. Wayland

      Probably not affecting Fortnite players that much.

    4. conscience

      @Ian Johnston

      This doesn't need to interact with your OS at all. Dodgy software can attack the Intel Management Engine, which is a full-blown computer that resides inside your CPU and which has its own OS and direct access to RAM, storage and all the rest of your hardware. By the time your PC gets as far as the BIOS to start the boot-up process it is already game over - and there is nothing you can do to stop or fix it without getting a new, non-Intel CPU. This affects just about all the generations of the Core family, as well as various Xeons, Pentiums, Atoms and Celerons.

  4. Mage Silver badge

    Earlier wasn't there a JTAG attack

    Don't some Intel or some Mobos have a JTAG accessible via USB?

    Basically if you have LOCAL access, i.e. you are the Evil Maid (or Butler), all bets are off. Encrypted Discs, TPM, etc. The wonders of HID mean that you don't personally have to be local, send a nice gamer mouse to the target.

    Maybe this needs something clever connected to the computer, but unlike regular warfare the "sniper" can keep trying at that crack without getting caught.

    Wouldn't surprise me either if some maker leaves a flaw via esata, or the laptop dock or HDMI signalling or USB that allows the sniping.

    Mine's the one with an apparently normal set of mouse, SD card, external esata device, USB mobile modem and USB memory sticks to drop on desks or in car parks.

    1. Anonymous Coward

      Re: Earlier wasn't there a JTAG attack

      Intel motherboards have a debug interface accessible with appropriate hardware.

      It looks like this would allow you to bypass TPM (bad) and HDCP (good....), but you need physical access to the device to do bad stuff.

      As for firmware flaws, I suspect there are a lot of "standard practices" with firmware updating that makes this potentially dangerous - we never thought we'd need to digitally sign new firmware because it could only be updated by doing X....

  5. Kev99 Silver badge

    Weren't there articles some time ago about the flaws & holes in Intel's Management Engine? This sounds awfully familiar.

  6. Anonymous Coward

    Another day, another security flaw. Yawn.

  7. Anonymous Coward

    Perhaps some very awesome clever amazing people can dump the whole IME rom and poke around for those NSA backdoors that are definitely there. :D

  8. YetAnotherJoeBlow

    Backdoors

    I imagine that this exploit was just the standard no-review, careless approach to engineering. However, the ME is a different story. Before those chips were released, the NSA got a batch with the ME disabled - because, of course, they knew. The NSA has revealed its hand.

    1. Anonymous Coward

      Re: Backdoors

      Could be a bit of both. "Any point fixing this rare race case?" Would have little need to fix, as "nah, there's no risk, it's too hard and impossible to exploit."

      With a little of "oh, that's a nice overlooked error there we can use, lean on our friends at Intel not to fix it, or to add extra features to this..."

      While attributing planning to this might be off, for those in the know or those with requirements it would not take long for it to be a trick-of-the-trade useful feature.

      See the million-dollar iPhone unlock exploits for sale as an example, or frozen DRAM chip swaps as another. Why fix something so obscure a security risk? Why expect those who need it not to take the easy route to cracking the system?

  9. W.S.Gosset

    Utter Chaos?

    > utter chaos will reign

    Nonsense! It affects only a subset of the world's machines and it really only makes easier some already-extant attacks.

    So... partial chaos will reign.

    Or perhaps, utter chaos will have a surprise surge in the electorate. Despite forming a new minority party, it fails to secure control of the country.

  10. SuperGeek

    Attack on power up? Been known for years!

    Attacking a system as soon as power is applied has been known for years as the weakest link. I don't think that will ever change. Too many subsystems on a computer for it to start protected instantly.

  11. razorfishsl

    simple... just slow the CLK cycles down......

    thereby lengthening the window of opportunity......

    1. MrTom4321

      Or use a Celeron processor if they're vulnerable. Those things are like stones, no multitasking at all.

  12. Richard 12 Silver badge

    The key is already out

    One master key, which means the attacker can just buy a few cheap Intel PCs and leave them trying to extract the key tens or hundreds of times a second.

    So we must assume the key is already extracted.

    The important question:

    What can be done with that key?

    1. amanfromMars 1 Silver badge

      Re: The key is already out

      So we must assume the key is already extracted.

      The important question:

      What can be done with that key? ...... Richard 12

      The fear is pretty much take over and make over of operating systems catastrophically vulnerable to remote anonymous commands controlling collapses in exclusive executive market flash crashes, Richard 12.

      And that and/or those able to exercise that key facility/utility are perfect candidates for exercising the efficacy of the power of Danegeld.

      However, if ever classified as TS/SCI, it will not be widely known as an unfixable systemic security flaw being exploited and doused with Danegeld to try and mitigate and prevent colossal damage and manic disruption from a secret uncovered which cannot be denied, which remarkably allows it to be more stealthily employed elsewhere, should it be so desired.

  13. Colonel Mad

    Old stuff

    There is some advantage to having slightly older kit: 11.8.50.3470, phew, have I escaped?

  14. Conundrum1885

    Digs out my

    486 laptop.

    Always have a "Burner laptop" for those times the SHTF as it still runs 98SE with Firefox + MAFF

    Incidentally the 133 chip aka Cyrix upgrade does actually still work though is missing a few pins.

    Bit of minor SMD repair to the tracks and voila!

    1. EnviableOne

      Re: Digs out my

      98 SE with SP5 is probably the best OS from MS.

  15. Wayland

    Arnold

    I seem to remember something about this, in fact I have TOTAL RECALL!

  16. Timmy B

    Meanwhile at AMD

    There are smiles aplenty I can imagine.

    1. Tom 64

      Re: Meanwhile at AMD

      Does anyone still own Intel stock?

  17. Anonymous Coward

    Time window, anyone?

    My servers are re-booted maybe once in six months....maybe less often.

    *

    So....an attacker has a few seconds once every 15 million seconds.....so pretty difficult to time the attack!

    *

    But then, if the attacker has sufficient access to initiate the reboot....then it's game over anyway!

    *

    Move along....nothing to see here!

  18. Anonymous Coward

    Crypto AG & Intel ME

    That's the whole world covered.

    And yet the NSA, FBI & CIA let 9/11 happen.

  19. Fading

    So the Intel IME..

    Is a 486 with 1.5MB of RAM running a custom Minix.... so who is going to be the first to get Doom to run on it?

  20. Miss_X2m1

    Keep your computer powered on??

    Will keeping your computer powered on and unable to sleep help avoid this "issue"???

  21. EnviableOne

    Why did I swap to Intel ....

    Just waiting for the Intel supply chain to dry up completely,

    then we might get some of the decent AMD chips in otherwise high-spec laptops.....

    Damn shame mine needs the juice to do the job or I'd never have switched.

    1. Anonymous Coward

      Re: Why did I swap to Intel ....

      AFAIK the nice AMD laptop CPUs and laptops are out this year. No idea if they are paired with nice screens and GPUs and other stuff though.

  22. MrTom4321

    DRM?

    So the title mentions DRM and file encryption. So what does this mean for streaming video and Blu-ray playback on a computer?

    Will video streaming be blown wide open once CSME access is gained? How about the encryption between a computer and an HDMI display? Will Blu-ray playback be able to be intercepted through this? What kind of ramifications does this have on DRM in general?

    1. diodesign (Written by Reg staff) Silver badge

      What kind of ramifications does this have on DRM in general?

      Any decryption done using keys secured by the CSME can be broken: so video streaming, anti-copying mechanisms, etc that rely on the EPID/TPM to store and use keys.

      DVD and Blu-ray encryption is already cracked.

      C.

  23. Evilgoat76

    Fish in a barrel...

    Didn't Mythbusters do that? And decided if you use an enormous chaingun it's pretty easy...

  24. A random security guy

    A single key used as a KEK for an entire product

    Why would they even do that? There are better ways of generating, storing, and protecting keys in HW during manufacturing. Unless Intel, in its infinite wisdom, decided to 'simplify' this whole process by simplifying the injection of keys.

    WTF. Basic ABC of root of trust.
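    The point raised here, and in the Reg staff reply above that anything wrapped under a CSME-held key falls with that key, is that a single root KEK baked into every part has a fleet-wide blast radius. As an added example, not code from the thread or from Intel, this Python sketch contrasts that design with per-chip KEKs derived from a root that never leaves the factory HSM; the HMAC-based wrap scheme, the chip IDs and the fleet are constructed stand-ins.

```python
import hashlib
import hmac
import secrets

# Toy key wrap built only from HMAC-SHA256 (stdlib, no AES): a one-block
# keystream XOR plus an integrity tag. It exists to show blast radius; it is
# not a production key-wrap construction.
def wrap_key(kek: bytes, plaintext_key: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"enc|" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext_key, stream))  # key <= 32 bytes
    tag = hmac.new(kek, b"mac|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_key(kek: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kek, b"mac|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong KEK or tampered blob: refuse rather than emit junk
    stream = hmac.new(kek, b"enc|" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def shared_root_fleet(root: bytes, n: int):
    """Design criticised in the thread: every chip carries the same root KEK.
    Returns (kek_on_chip, wrapped_disk_key) per device."""
    return [(root, wrap_key(root, secrets.token_bytes(32))) for _ in range(n)]

def diversified_fleet(root: bytes, n: int):
    """Alternative: KEK_i = HMAC(root, chip_id_i), derived at manufacturing.
    Only KEK_i is fused into chip i; the root stays in the factory HSM."""
    fleet = []
    for i in range(n):
        chip_id = i.to_bytes(8, "big")  # constructed stand-in for a fused unique ID
        kek = hmac.new(root, b"kek-v1|" + chip_id, hashlib.sha256).digest()
        fleet.append((kek, wrap_key(kek, secrets.token_bytes(32))))
    return fleet

def blast_radius(fleet, extracted_kek: bytes) -> int:
    """Number of devices whose wrapped key a KEK pulled from one chip unlocks."""
    return sum(1 for _, blob in fleet if unwrap_key(extracted_kek, blob) is not None)

if __name__ == "__main__":
    root = secrets.token_bytes(32)          # constructed factory root key
    shared = shared_root_fleet(root, 1000)
    diverse = diversified_fleet(root, 1000)
    # Attacker extracts the KEK from device 0 in each fleet.
    print("shared root KEK, devices exposed:", blast_radius(shared, shared[0][0]))
    print("per-chip KEKs, devices exposed:  ", blast_radius(diverse, diverse[0][0]))
```

    With the shared design the extracted KEK unwraps every device's key; with per-chip derivation it unwraps exactly one, and the root needed to derive the others is never on any shipped part.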

  25. A random security guy

    Decapping and retrieving the master key: 1 day?

    It would take a day at most for a company doing reverse engineering in China (yeah, you can reverse engineer most processors there) ... The only obstacle would be the small scale. Just a matter of money.
