Discoverers Positive Technologies say this issue will affect all Intel processors of the past five years, except for its 10th generation chips. Existing at the hardware level, its researchers believe the bug could cause “utter chaos”. “Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted,” explained the company. “The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.” CSME stands for the Converged Security Management Engine, which is responsible for securing the firmware that runs on a user’s machine. Issues with its security severely erode trust in the platform, and the fact CSME is unprotected so early in a system’s boot stage means it will be vulnerable to attacks even after patching. Potentially, a skilled attacker could craft a malware that runs at the hardware level and is completely undetectable by most anti-virus solutions.
A Severity Disagreement
This flaw would require a lot of knowledge and skill to exploit, making it less likely it will target your average user. However, one concern is that some attackers could use other malware to remotely bypass OS-level protections, then use the Intel flaw to decrypt hardware or extract DRM-locked content. Microsoft System Guard and BitLocker both make use of CSME, for example. “For such an attack, in most cases, it is enough for an attacker to be able to execute code locally on the attacked machine (at the operating system level, i.e., kernel mode local code execution),” explained Positive Technologies’ Mark Ermlov to Ars Technica. “As soon as he can execute code on ISH, through this vulnerability he could attack Intel CSME and already execute arbitrary code on this subsystem, and by extracting the chipset key, it can do this on an ongoing basis (persistence). Thus, in most cases, the attacker does not need physical access to the vulnerable machine.” An Intel representative said that installing its latest BIOS and CSME updates should mitigate these types of attacks. Despite Positive Technologies’ warnings, Intel suggests that an attacker would require “specialized hardware and physical access”. It also downplayed the reach of the vulnerability, saying it could be exploited in “certain Intel products”. To mitigate the attack, Intel recommends maintaining physical possession of their PC or Laptop and install the latest updates as they become available.
