
'Unfixable' security flaw in Intel boot ROM - LysPJ
https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/
======
stoicShell
The useful gist:

> _"To fully compromise EPID, hackers would need to extract the hardware key
> used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS),"
> explained Positive's Mark Ermolov._

> _"However, this key is not platform-specific. A single key is used for an
> entire generation of Intel chipsets. And since the ROM vulnerability allows
> seizing control of code execution before the hardware key generation
> mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed,
> we believe that extracting this key is only a matter of time._

> _"When this happens, utter chaos will reign. Hardware IDs will be forged,
> digital content will be extracted, and data from encrypted hard disks will
> be decrypted."_

And this formidable response as usual:

> _Intel says folks should install the firmware-level mitigations, "maintain
> physical possession of their platform," and "adopt best security practices
> by installing updates as soon as they become available and being continually
> vigilant to detect and prevent intrusions and exploitations."_

When will it stop? How deep run the flaws in Intel's platform? Is AMD equally
exposed?

~~~
OrangeMango
> "maintain physical possession of their platform"

That ship has sailed.

~~~
mysterydip
What about physical possession before you own it? Will this potentially sour a
used/refurbished market?

~~~
rolph
this is more about the chipset on the motherboard.

to backdoor this you need to saddle a chip or a connector onto the PCH chip
and win the race to takeover the bus.

or if you're Intel and you send a firmware update to modify the ME behaviour
/state.

it would be fairly suspect in most cases but if this was done at the factory,
it would be hard to tell for most people.

What really matters is just how much of a target you might be for someone to
take the effort to engage in what really amounts to industrial/corporate
espionage.

~~~
Bnshsysjab
How far fetched would nation states performing this at airports be?

~~~
rolph
in socratic fashion...

how long does it take for a machine to be opened and booted up, and what sort
of charade would be required to make the opportunity.

if someone flat out stole your laptop, how long would it take for you to notice
it's been replaced by a stand-in? would someone have the opportunity to swap
your real laptop back to you unnoticed?

and seriously it doesn't need to be a nation state that does this, as all you
need to be capable of physically is to inject digital pulses into the bus;
crafting an exploit is where the skill comes in.

some people are motivated just by the opportunity to stir a pot.

------
mindslight
> _This is used for things like providing anti-piracy DRM protections, and
> Internet-of-Things attestation_

"Internet-of-Things attestation" ?? A poor attempt to stick a refreshing
buzzword in front of a fundamentally unwanted user-betraying open-society-
undermining technology.

Remote attestation does away with the basic foundation of _protocols_ for
mediating between mutually-untrusting parties, making it so users must trust
the remote party. Imagine if websites attempting to enforce (browser
fingerprinting, no image save, anti-adblock, etc) could successfully implement
their hostile restrictions!

This break is great news for everybody that wants their computer to remain
under _their own control_ , rather than an increasingly locked down Big Tech
WebTV.

~~~
dnautics
> "Internet-of-Things attestation" ?? A poor attempt to stick a refreshing
> buzzword in front of a fundamentally unwanted user-betraying open-society-
> undermining technology.

While I agree with you at a consumer level, at the industrial level this is a
thing. Like, imagine a vertical farm that is controlled by a thousand,
networked on-prem robots. An "attestation" mechanism makes setting this up
easier and less-error prone.

~~~
mindslight
How so specifically, compared to say just imaging the devices? Are we really
worried about rogue employees putting rootkits on said robots, and to what
end?

Remote attestation in general does have positive uses, and would be freedom
preserving if the signing keys were controlled by the device's owner. The
problem is Intel's design of baking in privileged keys that they themselves
control, such that hostile parties can require that you run software that they
provably control.

~~~
mschuster91
> Are we really worried about rogue employees putting rootkits on said robots,
> and to what end?

Not about rogue employees, but adversary states, just think of Stuxnet.
Messing up a nation's food supply can induce everything from mild unrest to
full scale civil war and mass migration. For now (!) we have the lucky
advantage that most farm labor is still manual / the machines that exist can
either be trivially replaced with older non-smart machines or by manual
labor... but imagine 20, 30 years in the future?

------
6510
Perhaps it sounds dumb but when I buy something I want to own it. It doesn't
seem all that legally complicated? After I buy a thing it should stop doing
things for previous owners.

------
eatonphil
The labs team at work wrote a bit [0] about why this is over-hyped (more
context in the full post):

> Arbitrary code execution is bad! But exploiting this vulnerability requires
> local access at a minimum, compounded by the attacker needing to exploit a
> relevant device to gain a foothold on the system. This list of valid
> footholds is quite limited. For instance, an attacker would need to perform
> code execution in the ISH or other Platform Controller Hub (PCH) devices —
> exploiting PCIe devices (like GPUs or RAID controllers) wouldn’t suffice.
> Additionally, per the original blog post, other methods of exploitation
> require physical access. Either way, this is limited to incredibly motivated
> and well-resourced attackers (like a nation-state with a high-value target
> identified).

[0] [https://capsule8.com/blog/ramming-down-hype-via-intel-csme/](https://capsule8.com/blog/ramming-down-hype-via-intel-csme/)

~~~
nine_k
It is limited to any well-monied adversary.

So, every serious company should be concerned that their competition (maybe
abroad) will be able to eventually decrypt a lost / stolen laptop with trade
secrets. So every corporate laptop needs its full-disk encryption upgraded.
It's large.

------
annoyingnoob
So ugly, I can't just replace all of our hardware. Remaining forever vigilant
is tiring. CPUs are so broken that security is just a facade.

~~~
rolph
the problem is the hardware being replaced to begin with.

The ME is not needed for the end user to operate their machine in a secure
manner.

The ME is a trojan that allows intel to manipulate your system and lock you
into the whole DRM nonsense. The only reason Intel platforms haven't become as
bad as mobile platforms is because there isn't enough fear of system compromise
from the average user.

[https://en.wikipedia.org/wiki/Intel_Management_Engine](https://en.wikipedia.org/wiki/Intel_Management_Engine)

~~~
animalnewbie
You know if you did less FUD there's a chance people may actually engage in a
conversation with you.

Anyone from enterprise knows how much of a time saver AMT is. I make a call
and I don't have to wait for the IT dude to appear at my desk; he clicks a few
buttons from his desk and my problem is fixed.

~~~
Karunamon
Why does that technology, with attendant attack surface, need to be in
consumer chips on consumer motherboards?

Besides, we already had a solution for this. It can be provided with add-in
cards.

~~~
rolph
one thing that comes to mind is that the consumer-based wedge of the pie is
handled as an enterprise deployment of its own managed by intel.

------
afrcnc
Duplicate:
[https://news.ycombinator.com/item?id=22495251](https://news.ycombinator.com/item?id=22495251)

------
amluto
“utter chaos” seems overstated. I’ve never heard of anyone protecting DRM with
the TPM on any consumer platform.

~~~
Avery3R
TPM, no. I'm fairly sure that PlayReady's HWDRM implementation does integrate
somewhat with ME though.

------
hannula
So it seems that the flaw can’t plausibly be exploited by a remote or adjacent
attacker or software. So what’s the impact here? Warez scene wreaking havoc
with lossless WEB-DLs?

~~~
kristofferR
A ton of warez groups (even a lot of P2P ones) already have a Widevine exploit
that works for >=1080p anyway, some groups (BLUTONiUM, PETRiFiED ++) even have
a 2160p exploit.

It's actually quite amazing that the 1080p exploit hasn't leaked and been
patched yet, considering how widespread it is.

~~~
scenethrowaway
<=1080p content is typically only protected by code obfuscation. There aren't
usually any "exploits", merely a moderately skilled reverse engineering effort
- as such, nothing can be patched any time soon.

------
LargoLasskhyfv
Seems like something like these start to make sense again if you can live with
the limitations:

[https://www.biostar.com.tw/app/en/mb/result.php?model[]=973&...](https://www.biostar.com.tw/app/en/mb/result.php?model[]=973&model[]=950&)
should be under $100

------
pabs3
This reminds me of the recent iPhone bootrom vulnerability, which led to
Android on the iPhone:

[https://checkra.in/](https://checkra.in/)
[https://projectsandcastle.org/](https://projectsandcastle.org/)

------
pontifier
Does anyone still trust their computers, or trust that secrets will remain
secret?

I certainly don't.

------
dependenttypes
This is great. It might be able to be used by programs like me cleaner.

------
tedunangst
How many can there be? (Stories about the same issue, I mean.)

