A significant five-year vulnerability in Intel Chipsets discovered, only the latest Intel 10th generation CPUs not affected
It seems that hackers can compromise almost all Intel processors released in the past 5 years because of an unpatchable vulnerability found in a widely distributed model of chipsets released by Intel.[1] Tracked as CVE-2019-0090,[2] the flaw is exploitable because an attacker may extract the chipset key stored on the PCH microchip and obtain access to any data encrypted using that particular key.
Such a breach cannot be detected, and firmware updates cannot patch the vulnerability. The bug can lead to cyber-attacks involving decryption of files stored on the targeted device.
We believe extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.
Positive Technologies released a blog post describing all the issues and possible misuses of the flaw.[3] Although this flaw was patched last year, further analysis revealed that it is much worse than previously known. Researchers say that to protect devices that handle sensitive operations, CPUs should be replaced with versions that are not impacted by the vulnerability. The latest Intel 10th generation chips are the only ones not vulnerable.
CVE-2019-0090 vulnerability concerns the CSME
The flaw affects the Converged Security and Management Engine (CSME) within Intel CPUs released over the last five years. The 10th generation iterations are the only exception. CSME provides low-level cryptographic verification when the motherboard boots, and it is the first thing that runs once the user starts the machine.[4]
This flaw was disclosed back in May of 2019, and Intel released a security update to patch the vulnerability. As it now seems, that was only partial help, because only one attack vector was disabled. At the time, the flaw was described only as a firmware bug that possibly allowed an actor with physical access to the CPU to gain privileges and execute code from within CSME. Now there are many ways this flaw can be exploited, since physical access is not needed and a software update does not help. As the in-depth report reveals:
We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.
What can be done to block possible exploitation vectors
The flaw discovered by Positive Technologies affects the Intel CSME boot ROM on almost all Intel chipsets and SoCs that are available today. Intel understands that it cannot fix this flaw with a patch or update, so it is trying to block possible exploitation vectors instead.
Although applying the patch for SA-00213 prevents the ISH vector from getting exploited, the bug in CSME boot ROM is not fixed this way.[5] The only way that users can fully fix the vulnerability is by replacing the CPUs entirely.
However, there are too many ways this flaw can be exploited. It can be used by users themselves to bypass DRM protections, so that copyright-protected content can be accessed. This could make a huge difference for piracy, and members of such services are most likely to take an interest in the bug.