TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Intel CSME bug CVE-2019-0090 can’t be fixed without hardware replacement

Researchers at Positive Technologies have found a major security flaw [CVE-2019-0090] in the Intel Converged Security and Management Engine (CSME) which cannot completely be fixed without a hardware replacement. The bug can severely damage the trust and reputation Intel has built over the years. And because the vulnerability allows a compromise at the hardware level, a mere firmware patch will not solve the problem.

Intel

The problem lies within Intel’s hardware and CSME firmware and occurs at the very early stages in its boot ROM. Intel CSME is a security feature in which handles the initial authentication in Intel CPUs. It also loads and verifies some of the other firmware that is responsible for supplying power to Intel chipset components, among several other processes.

How serious is the Intel CSME vulnerability?

In this case, as researchers describe, the culprit in question is Intel’s boot ROM. Researchers have discovered an early-stage vulnerability in Intel’s Boot ROM. First and foremost, this vulnerability is nearly impossible to detect.

And if exploited, attackers could recover Chipset Key and generation other encryption keys and disable authenticity checks. This could, in turn, result in a breach of the private key for the Intel CSME firmware digital signature.

Positive Technologies expert Mark Ermolov has this to say:

“To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS). However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets.”

If the hardware is not replaced, attackers could forge hardware IDs, gain access to digital content, and decrypt data from encrypted hard disks. The vulnerability affects all Intel CPUs. However, it doesn’t affect Intel’s 10th generation CPUs, ZDNet reports.

Intel is already aware of the bug and is trying to block all possible exploitation vectors. However, the company has acknowledged the vulnerability in the ROM of existing hardware cannot be fixed.

The previously patched bug only partially fixes the problem. However, researchers warn that hackers might come up with more ways to exploit this vulnerability in the future.

Updated on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap