Intel CSME vulnerability allows hackers to break encryption and DRM

[nanoguy]

A hot potato: Intel's largely undocumented master controller for its CPUs has a vulnerability that cannot be fixed, and is so severe that it can allow malicious actors to bypass storage encryption, copyrighted content protections, and take control of hardware sensors in IoT devices.

Security researchers have discovered that a new vulnerability present in Intel chips that have been released over the last five years is unfixable outside of replacing the hardware that's currently being used in millions of commercial and enterprise systems.

Specifically, this has to do with the Converged Security and Management Engine, which is essentially a tiny computer within your computer that has full access to all data that flows through your PC, from internal components to peripherals.

Intel has guarded the secrets of how this engine works in an effort to prevent competitors from copying it, but that hasn't prevented security experts from trying to crack their way in to see if it can be exploited by malicious actors.

The unfixable flaw was discovered by Positive Technologies, who says it's a firmware error that's hard-coded in the Mask ROM of Intel CPUs and chipsets. The problem is that Intel's CSME is also responsible for several security features, including the cryptographic protections for Secure Boot, digital rights management, and Enhanced Privacy ID (EPID). It also houses the Trusted Platform Module (TPM) that allows the OS and apps to store and manage keys for things like file system encryption.

Researchers explained that hackers can exploit a firmware error in the hardware key generation mechanism that allows them to take control of code execution. They noted that "when this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

The only recent platform immune to the problem is Intel's 10th generation, Ice Point chipsets and SoCs. However, the good news is that the attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

This isn't the first time someone has managed to crack open Intel's ME subsystem. Security researchers uncovered other vulnerabilities in Intel's hardware in 2017 and 2018, not to mention the Spectre-style one from 2019 and the recently disclosed CacheOut attack, but at least those are fixable.

Permalink to story.

https://www.techspot.com/news/84282-intel-csme-vulnerability-allows-hackers-break-encryption-drm.html

 

[dirtyferret]

The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it

 

[Lionvibez]

The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it

your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.

 

[dirtyferret]

your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.

Yet they would still have access to your hardware.

 

[Lionvibez]

Yet they would still have access to your hardware.

I understand the point he was making you need physical access.His example was what I was picking at.

And provided an example when physical access is not as rare as his example.

Capiche?

 

[TheBigFatClown]

*sigh* Looks like I dodged yet another silver bullet since my last purchase was an AMD Ryzen! Yippee!

While it may not have much practical impact on gamers who sacrifice all security for a few extra FPSs it's still not something I would enjoy hearing about if I had purchased one of the affected CPUs. It would bring my confidence down in the product. And they say it doesn't not affect the 10th generation of Intels CPUs. So, that's good to hear.

 

[Burty117]

Does that mean we might be able to (finally) crack UHD Blu-ray DRM (AACS2.0)?

 

[CrisisDog]

Haha. Well, thankfully all my Intel based computers are about 10 or more years old. All my new PCs have been AMD.

 

[dirtyferret]

I understand the point he was making you need physical access.His example was what I was picking at.

And provided an example when physical access is not as rare as his example.

Capiche?

I understand you fail to get the fact the issue at large would be the theft of property. I guess you don't comprendre that fact which is a you problem.

 

[PEnnn]

How ironic would it be if it turns out the whole fiasco is mostly related to the beloved DRM scheme!!

Now, new AMD ads should say something to the tune:"Hey, we cost less, have more cores AND are not hackable!!"

 

[brucek]

I'm with the first poster on this -- at least for the consumer devices these chips are in, once you have physical control of the device, you likely already had more straightforward ways into the local data on it than this new exploit. So this does not represent a new threat to loss of data vs. what was already there.

 

[wiyosaya]

Does that mean we might be able to (finally) crack UHD Blu-ray DRM (AACS2.0)?

I was thinking the same thing. Not that it means much, but it is now AACS2.1. I wish someone would come up with something like this. Having to have SGX is just lame.

 

[Irata]

The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it

So I assume you are not using Passwords for any of your systems then.

 

[Irata]

Does that mean we might be able to (finally) crack UHD Blu-ray DRM (AACS2.0)?

I think that‘s an important point: Not necessarily stealing data from someone else‘s PC but rather people being able to extract data on their own PC they shouldn‘t be able to extract.

Netflix, Disney+ and others should be doing a cost benefit analysis right now regarding losing customers by excluding affected systems from their services vs. having their content pirated.

Disney e.g. stands to lose a lot of subscribers if The Mandalorian and Clone Wars become available pirated.

Company PC are another risk, particularly those who do not require hardware dongles to access. There are people cleaning offices after hours when no one else is around. Could also be disgruntled employees with physical access copying data that is normally copy protected.

 

[brucek]

I'm trying to figure out if that reply was sarcastic? You must know The Madalorian as well as essentially 100% of wide release popular titles are and always have been available pirated. The cost/benefit is easy - if it was released at all it was going to be pirated, but the benefit is that there's a large mainstream audience that is happy to pay for it anyway. As far as "piracy" goes, I think there's probably a lot more people who do simple account sharing vs. who care to use any of the less mainstream options anyway.

 

[yeeeeman]

How ironic would it be if it turns out the whole fiasco is mostly related to the beloved DRM scheme!!

Now, new AMD ads should say something to the tune:"Hey, we cost less, have more cores AND are not hackable!!"

Not hackable reading as, nobody focused on our hardware to find the holes, YET.
Give it a bit more time, for AMD to gain marketshare and the researchers will start finding holes in AMD HW too.

 

[Irata]

I'm trying to figure out if that reply was sarcastic? You must know The Madalorian as well as essentially 100% of wide release popular titles are and always have been available pirated. The cost/benefit is easy - if it was released at all it was going to be pirated, but the benefit is that there's a large mainstream audience that is happy to pay for it anyway. As far as "piracy" goes, I think there's probably a lot more people who do simple account sharing vs. who care to use any of the less mainstream options anyway.

No, the reply was not sarcastic, at all. If DRM is compromised, it means that any secured content on those machines can be extracted more easily.
Afair, content providers like e.g. Netflix are a bit choosy on which hardware they allow you to watch their content, particularly in 4k resolutions. I e.g. have an Android tablet where I can watch it but not in hd since it does not support all the content protection measures Netflix requires.

How / if content providers react to this remains to be seen but I doubt they are not looking at this.

 

[Ravalo]

Cons:

Intel: security holes and various exploits

AMD: driver issues and rx 5700 xt TUF edition

Nvidia: ?

 

[ShagnWagn]

I understand you fail to get the fact the issue at large would be the theft of property. I guess you don't comprendre that fact which is a you problem.

Because we know people who hack computers won't also break the law by stealing? Are you one of those people who think taking guns from the law abiding will prevent criminals from using them?

 

[BadThad]

Physical access exploits do not concern me personally. They'd have to get past my dog and my 9mm first, both HIGHLY unlikely. As long as some pathetic douche cannot run a few lines of code remotely and easily exploit my system, I don't really care.

 

[GNelson]

Programmer side: Intel is huge and should have tested better as this stuff has been in play for 10+ years. If AMD isn't effected and they can do it right then Intel 10 times bigger can't is just a bunch of lame in a bag from them. Writing software isn't easy, but now we have to make sure it won't break on a processor or open a flaw that we didn't know about. Frankly, I just recommend AMD from this point forward as Intel you suck at providing information to the GEEKS living in the trenches.

 

[CharmsD]

Programmer side: Intel is huge and should have tested

Thanks for the laugh!



tl;dr

better as this stuff has been in play for 10+ years. If AMD isn't effected and they can do it right then Intel 10 times bigger can't is just a bunch of lame in a bag from them. Writing software isn't easy, but now we have to make sure it won't break on a processor or open a flaw that we didn't know about. Frankly, I just recommend AMD from this point forward as Intel you suck at providing information to the GEEKS living in the trenches.

...

 

[hapkiman]

your example would be more rare.

But how about a Work laptop that I've left in the back seat of my car, while in a store buying groceries or paying some bills. A smash and grab for something like that is far more likely.

And that would be a self-made problem. Never Ever leave your laptop in the back seat of your car while you go shopping. Ever. Lets try a make it a little hard for would be thieves can't we? If you don't have a trunk to store it, then buy a case and carry it with you, or leave it locked in you locker or office at work.

 

[mosu]

Are you sure this is a glitch? Some agencies would think otherwise.

 

[Gezzer]

The attack method described by Positive Technology is rather difficult to achieve without other factors at play, such as direct physical access to the hardware in question.

So if someone breaks into my house and steals my PC, I should be worried they may hack into it?...got it

Actually even then you don't have a lot to worry about IMHO. If someone has physical access they really don't need any sort of fancy hard to execute exploit to get in. OTOH a disgruntled IT employee compromising company hardware?