Over the last few years we have seen more systemic hardware flaws that allow complete compromise of a system than ever before. From the UEFI BIOS to the core management functions of the chipset, attackers who get code running at that level no longer have to worry much about anti-malware, since they sit below it and can bypass most of it. The latest flaw uncovered exists in Intel chipsets and is so deeply ingrained in the hardware that it cannot be fixed with a patch. There are patches that make it harder to exploit, but they can never make it go away.
In this case the issue is in the CSME (Converged Security and Management Engine) and the SPS (Server Platform Services) firmware found in pretty much all Intel-based motherboards made in the last five years. The flaw is easiest to exploit when you have local access, but according to the researchers at Positive Technologies who found it, it can be done remotely with more effort. The flaw itself is in the way the engine's ROM (Read Only Memory) protects itself during the earliest stage of boot, and because that ROM is fixed in the silicon the flaw itself cannot be patched out. By exploiting it (CVE-2019-0090) a skilled attacker could read the chipset key directly from the PCH (Platform Controller Hub). That key sits at the root of the platform's trust chain, so this opens the door to a large number of follow-on attacks, including recovery of encrypted information (as long as it was protected with the Intel encryption built on that key) and spoofing a physical device so that it appears to be the attacked device (by recovering the attacked device's Enhanced Privacy ID, or EPID).
Compromising the platform at this level basically hands over the keys to the kingdom: you gain the ability to compromise the firmware TPM, any DRM-protected content, and Intel Identity Protection. As we mentioned above, remote exploitation would be rather difficult, although not impossible; the more immediate exposures are lost or stolen laptops and devices, and a new avenue for supply chain attacks. Considering where some motherboards are made, it would not be out of the realm of possibility for someone to compromise a certain number of boards before they ship to high-value targets. Once the keys are in hand, setting up remote access to those systems would not be too difficult (think of the UEFI BIOS-based agents from years past).
Current recommendations for this nasty little bug are to contact your motherboard manufacturer for the latest BIOS and CSME firmware update (if there is one), to disable CSME-based encryption (or disable CSME completely if your platform allows it), or to move to a 10th generation Intel CPU (not always possible).
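Before chasing a BIOS update it helps to know which CSME firmware a machine is actually running. On Linux the MEI driver exposes that in /sys/class/mei/mei0/fw_ver, one line per reported firmware block in the form "platform:major.minor.hotfix.build". The script below, an added example written for this article and not code from Positive Technologies or Intel, parses that file and compares each block against the minimum versions Intel shipped with the CVE-2019-0090 mitigation. The threshold table is an assumption taken from the editor's reading of Intel's advisory INTEL-SA-00213 (the 12.0.35 floor matches the CVE description; the 11.x floors should be confirmed against the advisory before you rely on them). A "fixed" verdict only means the firmware-level hardening is present; as the article notes, the ROM flaw itself cannot be patched.

```python
"""Check the Intel CSME firmware version reported by the Linux MEI driver
against the minimum versions Intel shipped with mitigations for CVE-2019-0090.

Added example for this article, not code from Positive Technologies or Intel.
MIN_FIXED is an assumption based on INTEL-SA-00213 as the editor recalls it;
confirm the numbers against the advisory before relying on them.
"""
import re
from pathlib import Path

# Assumed minimum mitigated CSME versions per firmware branch (major, minor).
# Anything below these floors still lacks the hardening update.
MIN_FIXED = {
    (11, 8): (11, 8, 65),
    (11, 11): (11, 11, 65),
    (11, 22): (11, 22, 65),
    (12, 0): (12, 0, 35),
}

# The mei driver prints each firmware block as "<platform>:<major>.<minor>.<hotfix>.<build>".
FW_VER_PATH = Path("/sys/class/mei/mei0/fw_ver")
LINE_RE = re.compile(r"^(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_fw_ver(text):
    """Return a list of (major, minor, hotfix, build) tuples, one per non-empty line."""
    versions = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised fw_ver line: {line!r}")
        # Drop the leading platform index; keep the four version fields.
        versions.append(tuple(int(x) for x in m.groups()[1:]))
    return versions


def assess(version):
    """Classify one CSME version as 'fixed', 'vulnerable' or 'unknown-branch'."""
    major, minor, hotfix, _build = version
    floor = MIN_FIXED.get((major, minor))
    if floor is None:
        # Branch not in our table (e.g. SPS or a newer CSME); do not guess.
        return "unknown-branch"
    return "fixed" if (major, minor, hotfix) >= floor else "vulnerable"


def assess_text(text):
    """Assess every firmware block listed in a fw_ver dump."""
    return [(v, assess(v)) for v in parse_fw_ver(text)]


def read_system_fw_ver():
    """Read the live sysfs attribute, or return None when no MEI device is exposed."""
    try:
        return FW_VER_PATH.read_text()
    except OSError:
        return None


# Constructed sample in the sysfs format: an unpatched 12.0 block, a patched
# 12.0 block, and an unpatched 11.8 block. Not captured from a real machine.
SAMPLE_FW_VER = "0:12.0.24.1314\n1:12.0.35.1427\n2:11.8.50.3460\n"

if __name__ == "__main__":
    # Use the real sysfs file when present, otherwise fall back to the sample.
    text = read_system_fw_ver() or SAMPLE_FW_VER
    for version, verdict in assess_text(text):
        print(".".join(map(str, version)), verdict)
```

Run it as root on the machine in question; if /sys/class/mei does not exist, the MEI driver is not loaded (or the engine is disabled by the vendor), and you will need the manufacturer's own tooling to read the version. Treat "unknown-branch" as a prompt to look the branch up in Intel's advisory rather than as a pass.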
We expect hardware hacking and flaws like this one to continue to pop up as more attention is paid to how the components on current hardware communicate and work together. Sadly, this is an area where the security industry has barely begun to spend money on detection, let alone prevention.