Another day, another vulnerability. Intel has just released firmware updates for a vulnerability (CVE-2018-3655) in the Intel Converged Security and Manageability Engine (CSME). The security flaw enables threat actors to recover, modify, or delete data stored on Intel’s CPU chip-on-chip system.
CSME, also known as Management Engine BIOS Extension, contains a list of components such as the Intel Management Engine (ME) used with mainstream Intel chipsets, the Server Platform Services (SPS) used for servers, and the Trusted Execution Engine (TXE) used as a remote management engine for tablets and embedded devices.
Furthermore, Intel ME, SPS, and TXE are designed to work as a separate computer on top of the main Intel CPU. These components have their own stripped-down OS, memory, network interface, and storage system.
Positive Technologies experts Mark Ermolov and Maxim Goryachy who discovered the vulnerabilities explained specifically for Intel ME that:
Intel ME (short for “Management Engine”) stores data with the help of MFS (which likely stands for “ME File System”). MFS security mechanisms make heavy use of cryptographic keys. Keys differ in purpose (confidentiality vs. integrity) and degree of data sensitivity (Intel vs. non-Intel).
It should be noted that the most sensitive data is protected by Intel Keys, with Non-Intel Keys used for everything else. In short, four keys are used: Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key, and Non-Intel Confidentiality Key.
As a matter of fact, the very same researchers gained access to these keys access in 2017. Back then, they used a security flaw in JTAG, a debugging interface, to recover the four encryption keys deployed by Intel ME, SPS, and TXE.
In the current scenario, the researchers relied on the same attack mechanism with the only difference that they leveraged the vulnerability to uncover the two Non-Intel keys. With this new attack, (Read more...)