
“Unfixable” Intel Chip Vulnerability Could Undermine Encryption on Five Years Worth of Computers, But Is a Difficult Attack to Pull Off

A new Intel chip vulnerability described as “unfixable” could compromise the authentication process of most of the motherboards made in the last five years, giving an attacker full access to the system including encryption keys. The attack is currently theoretical in nature, however, and would require multiple complex steps to pull off including physical access to the device.

The scope of the Intel chip vulnerability

The new Intel chip vulnerability impacts CPUs that use the Intel Converged Security and Management Engine (CSME). Specifically, the flaw is found in chips that use CSME version 11. This CSME version was first used in the sixth generation of chips, which were first released in 2015. It is still in use and is not expected to be replaced until the 10th generation of Intel chips (Comet Lake) sees a retail launch sometime this year.

The flaw is found in the 6th to 9th generations of Intel CPUs, as well as the Server Platform Services and Trusted Execution Engine firmware. CSME firmware versions prior to 11.8.65, 11.11.65, 11.22.65 and 12.0.35 are vulnerable.

Intel has a firmware patch available for its own motherboards, but cannot patch the firmware of other motherboard manufacturers. That would be the vast majority of them, as Intel exited the motherboard business in 2013. It would appear that Intel’s firmware patch cannot actually fix the vulnerability, however; it simply attempts to block off potential exploit paths.

A device’s firmware version can be checked by accessing the BIOS during bootup. This vulnerability appears to be specific to Intel chips; AMD hardware is not affected. It is unclear if Apple’s T2 security chip is able to mitigate some or all of the Intel chip vulnerability.
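One way to turn the version thresholds above into an inventory check, as an added example that is not part of the article: the script classifies a CSME firmware version string against the first fixed version of its branch, as the article lists them. The major.minor.hotfix.build layout of the version string and the hostnames are assumptions, and the sample inventory is constructed.

```python
# Added example (not from the article): classify CSME firmware version strings
# against the fixed versions the article lists (11.8.65, 11.11.65, 11.22.65, 12.0.35).
# Version strings such as "11.8.50.3434" are constructed samples; the
# major.minor.hotfix.build layout is an assumption about how your tooling reports it.
from typing import Dict, Tuple

# First fixed version per CSME branch, as stated in the article.
FIXED_VERSIONS = {
    (11, 8): (11, 8, 65),
    (11, 11): (11, 11, 65),
    (11, 22): (11, 22, 65),
    (12, 0): (12, 0, 35),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '11.8.50.3434' into (11, 8, 50, 3434); raise ValueError on junk."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 3:
        raise ValueError(f"need at least major.minor.hotfix: {text!r}")
    return parts


def csme_status(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown-branch' for one version string.

    Only major.minor.hotfix is compared; the trailing build number is ignored
    because the article's thresholds do not include one.
    """
    v = parse_version(text)
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        return "unknown-branch"  # a branch the article does not cover
    return "vulnerable" if v[:3] < fixed else "patched"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for an inventory of {hostname: version string}."""
    return {host: csme_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or real readings.
    sample = {"ws-01": "11.8.50.3434", "ws-02": "11.8.65.3590",
              "ws-03": "12.0.35.1427", "srv-01": "11.22.60.2000",
              "lab-01": "13.0.10.1000"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```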

How does the new Intel chip vulnerability work?

Intel’s CSME is the first step in the initial authentication of any system that uses one of its chips, verifying and booting all other firmware. It’s also necessary for certain other software-based security measures to function, such as Microsoft System Guard.

This means that an attacker who compromises CSME gains access at the deepest, most “root”-like level the platform offers. Among other things, that means access to system encryption keys. If handled correctly, the breach would also be impossible for a system administrator to detect. An attacker could not just decrypt and exfiltrate information, but could also have other computers pose as the compromised device by spoofing hardware IDs. It would also be possible to create malware and spyware that runs at the hardware level, rendering it invisible to antivirus software.

However, this Intel chip vulnerability is not one that can be exploited remotely or with any sort of ease. An attacker would need at least local access to the target computer, and even then World Privacy Forum founder Pam Dixon described the process as requiring “extraordinary time … and skill.” What information is available indicates that a local attacker would either need to physically access the motherboard with some sort of special tools, or would need to compromise other elements of the firmware first to launch a direct memory access attack against CSME. Intel has indicated that their firmware patch will block at least some local attacks; however, security researchers believe that it will not stop someone who has physical access to the motherboard.

At the moment, the public does not have access to much in the way of detailed information about the operation of the security flaw. Positive Technologies, the security firm that uncovered the vulnerability, has promised to release a white paper in the near future that provides technical details.

Intel’s ongoing security issues

Intel has struggled through a chain of processor vulnerabilities in recent years. The trouble started in 2018 with the discovery of Meltdown and Spectre, two chip vulnerabilities tied to timing measurements meant to improve processor performance. Intel was able to correct these with software patches, but the incident was serious enough to force the company to revamp its design process to address these issues. Like the new Intel chip vulnerability, these exploits could give attackers far-reaching access to compromised systems and in the case of Meltdown would be virtually undetectable.

The timing of all of this has been unfortunate for the company from a market perspective, as chief rival AMD has made great strides during this same period and now features performance and stability that rivals Intel products at a lower price point.

The current Intel chip vulnerability is manageable only if system manufacturers opt to create firmware updates for it, but at best it appears this will only curtail local access. Organizations will need to prevent physical access to computers to truly be certain that the exploit cannot be leveraged. Given this, it appears the only 100% safe fix is to replace a vulnerable CPU. That either means a switch to AMD, or a wait of possibly some months for the 10th generation of Intel processors to become more widely available.