Intel CSME vulnerability allows hackers to break encryption and DRM

nanoguy

Posts: 652   +11
Staff member

Security researchers have discovered that a new vulnerability present in Intel chips that have been released over the last five years is unfixable outside of replacing the hardware that's currently being used in millions of commercial and enterprise systems.

Specifically, this has to do with the Converged Security and Management Engine, which is essentially a tiny computer within your computer that has full access to all data that flows through your PC, from internal components to peripherals.

Intel has guarded the secrets of how this engine works in an effort to prevent competitors from copying it, but that hasn't prevented security experts from trying to crack their way in to see if it can be exploited by malicious actors.

The unfixable flaw was discovered by Positive Technologies, who says it's a firmware error that's hard-coded in the Mask ROM of Intel CPUs and chipsets. The problem is that Intel's CSME is also responsible for several security features, including the cryptographic protections for Secure Boot, digital rights management, and Enhanced Privacy ID (EPID). It also houses the Trusted Platform Module (TPM) that allows the OS and apps to store and manage keys for things like file system encryption.

Researchers explained that hackers can exploit a firmware error in the hardware key generation mechanism that allows them to take control of code execution. They noted that "when this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

The only recent platform immune to the problem is Intel's 10th generation, Ice Point chipsets and SoCs. However, the good news is that the attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

This isn't the first time someone has managed to crack open Intel's ME subsystem. Security researchers uncovered other vulnerabilities in Intel's hardware in 2017 and 2018, not to mention the Spectre-style one from 2019 and the recently disclosed CacheOut attack, but at least those are fixable.

Permalink to story.

 

dirtyferret

Posts: 658   +824
The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it
 

Lionvibez

Posts: 2,131   +1,560
The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it
your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.
 

dirtyferret

Posts: 658   +824
your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.
Yet they would still have access to your hardware.
 

TheBigFatClown

Posts: 833   +318
*sigh* Looks like I dodged yet another silver bullet since my last purchase was an AMD Ryzen! Yippee!

While it may not have much practical impact on gamers who sacrifice all security for a few extra FPSs it's still not something I would enjoy hearing about if I had purchased one of the affected CPUs. It would bring my confidence down in the product. And they say it doesn't not affect the 10th generation of Intels CPUs. So, that's good to hear.
 

dirtyferret

Posts: 658   +824
I understand the point he was making you need physical access.His example was what I was picking at.

And provided an example when physical access is not as rare as his example.

Capiche?
I understand you fail to get the fact the issue at large would be the theft of property. I guess you don't comprendre that fact which is a you problem.
 
  • Like
Reactions: TYguys

PEnnn

Posts: 515   +476
How ironic would it be if it turns out the whole fiasco is mostly related to the beloved DRM scheme!!

Now, new AMD ads should say something to the tune:"Hey, we cost less, have more cores AND are not hackable!!"
 
  • Like
Reactions: TempleOrion

brucek

Posts: 638   +809
TechSpot Elite
I'm with the first poster on this -- at least for the consumer devices these chips are in, once you have physical control of the device, you likely already had more straightforward ways into the local data on it than this new exploit. So this does not represent a new threat to loss of data vs. what was already there.
 
  • Like
Reactions: BadThad

wiyosaya

Posts: 5,569   +3,749
Does that mean we might be able to (finally) crack UHD Blu-ray DRM (AACS2.0)?
I was thinking the same thing. Not that it means much, but it is now AACS2.1. I wish someone would come up with something like this. Having to have SGX is just lame.
 

Irata

Posts: 1,123   +1,762
TechSpot Elite
The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it
So I assume you are not using Passwords for any of your systems then.
 
  • Like
Reactions: Julio Franco

Irata

Posts: 1,123   +1,762
TechSpot Elite
Does that mean we might be able to (finally) crack UHD Blu-ray DRM (AACS2.0)?
I think that‘s an important point: Not necessarily stealing data from someone else‘s PC but rather people being able to extract data on their own PC they shouldn‘t be able to extract.

Netflix, Disney+ and others should be doing a cost benefit analysis right now regarding losing customers by excluding affected systems from their services vs. having their content pirated.

Disney e.g. stands to lose a lot of subscribers if The Mandalorian and Clone Wars become available pirated.

Company PC are another risk, particularly those who do not require hardware dongles to access. There are people cleaning offices after hours when no one else is around. Could also be disgruntled employees with physical access copying data that is normally copy protected.
 
  • Like
Reactions: TempleOrion

brucek

Posts: 638   +809
TechSpot Elite
I'm trying to figure out if that reply was sarcastic? You must know The Madalorian as well as essentially 100% of wide release popular titles are and always have been available pirated. The cost/benefit is easy - if it was released at all it was going to be pirated, but the benefit is that there's a large mainstream audience that is happy to pay for it anyway. As far as "piracy" goes, I think there's probably a lot more people who do simple account sharing vs. who care to use any of the less mainstream options anyway.
 
  • Like
Reactions: CharmsD

yeeeeman

Posts: 361   +304
How ironic would it be if it turns out the whole fiasco is mostly related to the beloved DRM scheme!!

Now, new AMD ads should say something to the tune:"Hey, we cost less, have more cores AND are not hackable!!"
Not hackable reading as, nobody focused on our hardware to find the holes, YET.
Give it a bit more time, for AMD to gain marketshare and the researchers will start finding holes in AMD HW too.
 

Irata

Posts: 1,123   +1,762
TechSpot Elite
I'm trying to figure out if that reply was sarcastic? You must know The Madalorian as well as essentially 100% of wide release popular titles are and always have been available pirated. The cost/benefit is easy - if it was released at all it was going to be pirated, but the benefit is that there's a large mainstream audience that is happy to pay for it anyway. As far as "piracy" goes, I think there's probably a lot more people who do simple account sharing vs. who care to use any of the less mainstream options anyway.
No, the reply was not sarcastic, at all. If DRM is compromised, it means that any secured content on those machines can be extracted more easily.
Afair, content providers like e.g. Netflix are a bit choosy on which hardware they allow you to watch their content, particularly in 4k resolutions. I e.g. have an Android tablet where I can watch it but not in hd since it does not support all the content protection measures Netflix requires.

How / if content providers react to this remains to be seen but I doubt they are not looking at this.
 

Ravalo

Posts: 279   +128
Cons:

Intel: security holes and various exploits

AMD: driver issues and rx 5700 xt TUF edition

Nvidia: ?
 

ShagnWagn

Posts: 1,297   +1,083
I understand you fail to get the fact the issue at large would be the theft of property. I guess you don't comprendre that fact which is a you problem.
Because we know people who hack computers won't also break the law by stealing? Are you one of those people who think taking guns from the law abiding will prevent criminals from using them?
 
  • Like
Reactions: wizardB and mosu

BadThad

Posts: 319   +243
Physical access exploits do not concern me personally. They'd have to get past my dog and my 9mm first, both HIGHLY unlikely. As long as some pathetic douche cannot run a few lines of code remotely and easily exploit my system, I don't really care.
 
  • Like
Reactions: Dimitrios

GNelson

Posts: 16   +23
Programmer side: Intel is huge and should have tested better as this stuff has been in play for 10+ years. If AMD isn't effected and they can do it right then Intel 10 times bigger can't is just a bunch of lame in a bag from them. Writing software isn't easy, but now we have to make sure it won't break on a processor or open a flaw that we didn't know about. Frankly, I just recommend AMD from this point forward as Intel you suck at providing information to the GEEKS living in the trenches.
 

CharmsD

Posts: 411   +255
Programmer side: Intel is huge and should have tested
Thanks for the laugh!



tl;dr
better as this stuff has been in play for 10+ years. If AMD isn't effected and they can do it right then Intel 10 times bigger can't is just a bunch of lame in a bag from them. Writing software isn't easy, but now we have to make sure it won't break on a processor or open a flaw that we didn't know about. Frankly, I just recommend AMD from this point forward as Intel you suck at providing information to the GEEKS living in the trenches.

...
 

hapkiman

Posts: 12   +3
your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.
And that would be a self-made problem. Never Ever leave your laptop in the back seat of your car while you go shopping. Ever. Lets try a make it a little hard for would be thieves can't we? If you don't have a trunk to store it, then buy a case and carry it with you, or leave it locked in you locker or office at work.
 

Gezzer

Posts: 106   +53
The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it
Actually even then you don't have a lot to worry about IMHO. If someone has physical access they really don't need any sort of fancy hard to execute exploit to get in. OTOH a disgruntled IT employee compromising company hardware?
 
  • Like
Reactions: TempleOrion