Another day, another vulnerability. Intel has just released firmware updates for a vulnerability (CVE-2018-3655) in the Intel Converged Security and Management Engine (CSME). The security flaw allows threat actors to retrieve, modify, or delete data stored on Intel's CPU chip-on-chip system.
CSME, also known as Management Engine BIOS Extension, contains a list of components such as the Intel Management Engine (ME) used with mainstream Intel chipsets, the Server Platform Services (SPS) used for servers, and the Trusted Execution Engine (TXE) used as a remote management engine for tablets and embedded devices.
In addition, Intel ME, SPS, and TXE are designed to work as a separate computer on top of the main Intel CPU. These components have their own stripped-down OS, memory, network interface, and storage system.
Positive Technologies experts Mark Ermolov and Maxim Goryachy, who discovered the vulnerabilities, explained specifically for Intel ME that:
Intel ME (short for "Management Engine") stores data with the help of MFS (which likely stands for "ME File System"). MFS security mechanisms make heavy use of cryptographic keys. Keys differ in purpose (confidentiality vs. integrity) and degree of data sensitivity (Intel vs. non-Intel).
It should be noted that the most sensitive data is protected by Intel Keys, with Non-Intel Keys used for everything else. In summary, four keys are used: Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key, and Non-Intel Confidentiality Key.
In fact, the very same researchers gained access to these keys in 2017. At that time, they used a security flaw in JTAG, a debugging interface, to recover the four encryption keys deployed by Intel ME, SPS, and TXE.
In the current scenario, the researchers relied on the same attack mechanism, the only difference being that they leveraged the vulnerability to uncover the two Non-Intel keys. With this new attack, they obtained access to the immutable non-Intel root secret as well as the Intel Security Version Number (SVN).
Intel has already issued a patch with the ME, SPS, and TXE firmware updates to address this vulnerability. The vulnerability itself is known as CVE-2018-3655. It is described as an escalation of privilege and information disclosure vulnerability with a high severity rating and impact.
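To make the key hierarchy described by the researchers (two owners, two purposes, four keys) and the significance of an immutable root secret plus an SVN concrete, here is an added toy model. It is not Intel's derivation scheme and not code from the researchers or from Intel: the use of HKDF (RFC 5869) as the derivation function, the label strings, the root secret value and the blob contents are all constructed assumptions. What it shows is why a version number baked into key derivation lets a firmware update rotate every key, and why that rotation offers no protection once the immutable secret it derives from has been disclosed.

```python
"""Toy model of an SVN-keyed, two-owner/two-purpose key hierarchy.

Constructed illustration only; it is NOT Intel's MFS key derivation.
"""
import hashlib
import hmac

HASH = hashlib.sha256
OWNERS = ("intel", "non-intel")              # data-sensitivity domain
PURPOSES = ("integrity", "confidentiality")  # what the key is used for

# Constructed sample value. On a real device the root secret is immutable
# and fused into the hardware; this one exists only so the model runs.
CONSTRUCTED_ROOT_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), HASH).digest()
        out += block
        i += 1
    return out[:length]


def derive_key(root_secret: bytes, svn: int, owner: str, purpose: str) -> bytes:
    """Derive one of the four keys for a given SVN from the root secret.

    The SVN is mixed in as the salt (an assumption of this model), so every
    SVN bump shipped in a firmware update yields a completely fresh key set.
    """
    if owner not in OWNERS or purpose not in PURPOSES:
        raise ValueError("unknown owner/purpose label")
    prk = hkdf_extract(svn.to_bytes(4, "little"), root_secret)
    return hkdf_expand(prk, f"mfs-model/{owner}/{purpose}".encode())


def derive_key_set(root_secret: bytes, svn: int) -> dict:
    """All four (owner, purpose) keys for one SVN."""
    return {(o, p): derive_key(root_secret, svn, o, p) for o in OWNERS for p in PURPOSES}


def tag_blob(integrity_key: bytes, blob: bytes) -> bytes:
    """Integrity tag over a stored blob, as an integrity key would be used."""
    return hmac.new(integrity_key, blob, HASH).digest()


def verify_blob(integrity_key: bytes, blob: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_blob(integrity_key, blob), tag)


def rotation_demo(root_secret: bytes = CONSTRUCTED_ROOT_SECRET) -> dict:
    """Model a firmware update bumping the SVN from 1 to 2.

    Returns named checks: the update rotates all four keys and an old-SVN key
    no longer validates new data, but anyone holding the immutable root secret
    simply re-derives the SVN-2 key, so rotation does not recover from a
    disclosed root secret.
    """
    blob = b"constructed contents of a non-Intel MFS file"
    k1 = derive_key_set(root_secret, 1)
    k2 = derive_key_set(root_secret, 2)
    new_ik = k2[("non-intel", "integrity")]
    old_ik = k1[("non-intel", "integrity")]
    tag_v2 = tag_blob(new_ik, blob)
    return {
        "four_distinct_keys_per_svn": len(set(k1.values())) == 4,
        "svn_bump_rotates_every_key": all(k1[k] != k2[k] for k in k1),
        "old_svn_key_rejects_new_tag": not verify_blob(old_ik, blob, tag_v2),
        "tampered_blob_rejected": not verify_blob(new_ik, blob + b"!", tag_v2),
        "root_secret_holder_still_verifies": verify_blob(
            derive_key(root_secret, 2, "non-intel", "integrity"), blob, tag_v2
        ),
    }


if __name__ == "__main__":
    for check, ok in rotation_demo().items():
        print(f"{check:36s} {ok}")
```

The defender's reading of the last check is the point of the article: patching the firmware and advancing the SVN changes the working keys, but the keys are only as secret as the immutable root secret beneath them, which is why disclosure of that secret via physical access is rated as high impact.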
Here is the official description of CVE-2018-3655:
A vulnerability in a subsystem in Intel® CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.