Another Intel Vulnerability, and it’s Unfixable…

Honestly, I saw this story this morning and I couldn’t help but think “what? Again… meh, same s*** different day” but that doesn’t make it any less of a serious issue. Researchers at Positive Technologies found the vulnerability inside Intel’s Converged Security and Management Engine (CSME). I mean, that’s what I go digging through in my spare time too, but alas, they found that the CSME is actually a tiny CPU within a CPU.

The little chip in a chip is responsible for the security of the SoC. It’s basically a secure box for all the secret data handling on the chip, I guess. However, they’ve cracked it, and that means that many millions of Intel CPU-based systems from the last five years are now vulnerable.

Whoops

“Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform.” – Positive Technologies

Am I Safe?

It looks like every Intel CPU of the last 5 years is suffering from this unfixable issue. However, the 10th Gen, Ice Point chipsets and SoCs are not affected by it. The only saving grace is that you need physical access to the hardware, as it cannot be done remotely. Of course, that may be good for your gaming PC in your bedroom, but not so great for your office computer in a sensitive industry.

Peter Donnell

As a child still in my 30's (but not for long), I spend my day combining my love of music and movies with a life-long passion for gaming, from arcade classics and retro consoles to the latest high-end PC and console games. So it's no wonder I write about tech and test the latest hardware while I enjoy my hobbies!
